Changes before error encountered

Co-authored-by: spantaleev <388669+spantaleev@users.noreply.github.com>
Make exim-relay benefits section more concise
2026-04-09 07:44:22 +03:00 · 2026-02-26 02:42:07 +00:00 · 2026-02-26 02:41:56 +00:00 · 2026-02-25 20:33:41 +00:00 · 2026-02-25 20:31:28 +00:00 · 2026-02-25 18:27:47 +02:00
291 changed files with 2357 additions and 6617 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,63 @@
+# 2026-02-21
+
+## (BC Break) coturn is no longer auto-enabled by default
+
+By default, the [coturn](./docs/configuring-playbook-turn.md) TURN server component is no longer enabled for every deployment.
+
+This reduces resources and attach surface for deployments which:
+
+- either don't need calls at all
+- or use the modern [Matrix RTC](docs/configuring-playbook-matrix-rtc.md)/[Element Call](docs/configuring-playbook-element-call.md) stack.
+
+Coturn is still auto-enabled when [Jitsi](./docs/configuring-playbook-jitsi.md) is enabled (`jitsi_enabled: true`), because Jitsi still depends on TURN for legacy Matrix integration.
+
+Additionally, Coturn (when enabled) now defaults to using automatic IP detection of your server's external IP address, instead of assuming your Ansible inventory (`ansible_host`) points to a public address and using it for configuring `coturn_turn_external_ip_address`.
+
+To restore the old behavior (needed for legacy call setups), add the following configuration to your `vars.yml`:
+
+```yml
+coturn_enabled: true
+
+# If you'd like explicit control over the external IP address (like before), keep this too.
+coturn_turn_external_ip_address: "{{ ansible_host }}"
+```
+
+## LiveKit TURN TLS is now automatically fronted by playbook-managed Traefik
+
+For deployments that use the playbook-managed Traefik reverse-proxy, LiveKit TURN over TCP is now SSL-terminated at Traefik and passed as plain TCP to LiveKit (`turn.external_tls = true`) by default.
+
+To disable this behavior, set `livekit_server_config_turn_external_tls: false` and the playbook will revert to the old behavior - using traefik-certs-dumper to extract SSL certificates out of Traefik and pass them to LiveKit for explicit SSL termination there.
+
+If you are using `other-traefik-container` or [another reverse-proxy](./configuring-playbook-own-webserver.md), this change does **not** switch behavior automatically. That mode remains using certificate files in the container (Traefik certificates dumper flow) unless you explicitly set the TURN-Traefik mode variables to opt in.
+
+# 2026-02-17
+
+## (BC Break) prometheus-nginxlog-exporter role has been relocated and variable names need adjustments
+
+The role for prometheus-nginxlog-exporter has been relocated to the [mother-of-all-self-hosting](https://github.com/mother-of-all-self-hosting) organization.
+
+Along with the relocation, the `matrix_prometheus_nginxlog_exporter_` prefix on its variable names has been renamed to `prometheus_nginxlog_exporter_`, so you need to adjust your `vars.yml` configuration.
+
+As always, the playbook would let you know about this and point out any variables you may have missed.
+
+## synapse-auto-invite-accept has been removed from the playbook
+
+[synapse-auto-invite-accept](./docs/configuring-playbook-synapse-auto-accept-invite.md) has been removed from the playbook, as the same functionality [has been integrated](https://github.com/element-hq/synapse/pull/17147) to Synapse since [v1.109.0](https://github.com/element-hq/synapse/releases/tag/v1.109.0).
+
+See [this section](./docs/configuring-playbook-synapse-auto-accept-invite.md#native-alternative) for details about how to enable the function on Synapse.
+
+If you're using any `matrix_synapse_ext_synapse_auto_accept_invite_*` variables, the playbook will let you know which one you'll need to remove from `vars.yml`.
+
+# 2026-02-16
+
+## matrix-appservice-slack has been removed from the playbook
+
+[matrix-appservice-slack](./docs/configuring-playbook-bridge-appservice-slack.md) has been removed from the playbook, as it has been discontinued because the public Matrix.org Slack bridge has been decommissioned on January 14th, 2026.
+
+The playbook will let you know if you're using any `matrix_appservice_slack_*` variables. You'll need to remove them from `vars.yml` and potentially [uninstall the component manually](./docs/configuring-playbook-bridge-appservice-slack.md#uninstalling-the-component-manually).
+
+**Note**: Bridging to [Slack](https://slack.com) can also happen via the [mautrix-slack](./docs/configuring-playbook-bridge-mautrix-slack.md) bridge supported by the playbook.
+
 # 2026-02-13

 ## Conditional service restart for `install-*` commands
@@ -694,8 +754,8 @@ If upstream synapse-admin picks up the pace and improves, the etke.cc fork may d
 If you'd like to switch back to the original synapse-admin software, you can do so by adding the following configuration to your `vars.yml` file:

 ```yaml
-matrix_synapse_admin_docker_image: "{{ matrix_synapse_admin_docker_image_registry_prefix }}awesometechnologies/synapse-admin:{{ matrix_synapse_admin_version }}"
-matrix_synapse_admin_docker_image_registry_prefix_upstream: docker.io/
+matrix_synapse_admin_container_image: "{{ matrix_synapse_admin_container_image_registry_prefix }}awesometechnologies/synapse-admin:{{ matrix_synapse_admin_version }}"
+matrix_synapse_admin_container_image_registry_prefix_upstream: docker.io/

 matrix_synapse_admin_version: 0.10.3

--- a/README.md
+++ b/README.md
@@ -74,7 +74,7 @@ Services that run on the server to make the various parts of your installation w
 | Name | Default? | Description | Documentation |
 | ---- | -------- | ----------- | ------------- |
 | [PostgreSQL](https://www.postgresql.org/)| ✅ | Database for Synapse. [Using an external PostgreSQL server](docs/configuring-playbook-external-postgres.md) is also possible. | [Link](docs/configuring-playbook-external-postgres.md) |
-| [coturn](https://github.com/coturn/coturn) | ✅ | STUN/TURN server for WebRTC audio/video calls | [Link](docs/configuring-playbook-turn.md) |
+| [coturn](https://github.com/coturn/coturn) | ❌ | STUN/TURN server for WebRTC audio/video calls | [Link](docs/configuring-playbook-turn.md) |
 | [Traefik](https://doc.traefik.io/traefik/) | ✅ | Web server, listening on ports 80, 443 and 8448 - standing in front of all the other services. [Using your own webserver](docs/configuring-playbook-own-webserver.md) is also possible. | [Link](docs/configuring-playbook-traefik.md) |
 | [Let's Encrypt](https://letsencrypt.org/) | ✅ | Free SSL certificate, which secures the connection to all components | [Link](docs/configuring-playbook-ssl-certificates.md) |
 | [Exim](https://www.exim.org/) | ✅ | Mail server, through which all Matrix services send outgoing email (can be configured to relay through another SMTP server) | [Link](docs/configuring-playbook-email.md) |
@@ -127,7 +127,6 @@ Bridges can be used to connect your Matrix installation with third-party communi
 | [matrix-appservice-irc](https://github.com/matrix-org/matrix-appservice-irc) | ❌ | Bridge to [IRC](https://wikipedia.org/wiki/Internet_Relay_Chat) | [Link](docs/configuring-playbook-bridge-appservice-irc.md) |
 | [matrix-appservice-kakaotalk](https://src.miscworks.net/fair/matrix-appservice-kakaotalk) | ❌ | Bridge to [Kakaotalk](https://www.kakaocorp.com/page/service/service/KakaoTalk?lang=ENG) | [Link](docs/configuring-playbook-bridge-appservice-kakaotalk.md) |
 | [matrix-appservice-discord](https://github.com/matrix-org/matrix-appservice-discord) | ❌ | Bridge to [Discord](https://discordapp.com/) | [Link](docs/configuring-playbook-bridge-appservice-discord.md) |
-| [matrix-appservice-slack](https://github.com/matrix-org/matrix-appservice-slack) | ❌ | Bridge to [Slack](https://slack.com/) | [Link](docs/configuring-playbook-bridge-appservice-slack.md) |
 | [matrix-hookshot](https://github.com/matrix-org/matrix-hookshot) | ❌ | Bridge for generic webhooks and multiple project management services, such as GitHub, GitLab, Figma, and Jira in particular | [Link](docs/configuring-playbook-bridge-hookshot.md) |
 | [matrix-sms-bridge](https://github.com/benkuly/matrix-sms-bridge) | ❌ | Bridge to SMS | [Link](docs/configuring-playbook-bridge-matrix-bridge-sms.md) |
 | [matrix-steam-bridge](https://github.com/jasonlaguidice/matrix-steam-bridge) | ❌ | Bridge to [Steam](https://steampowered.com/) | [Link](docs/configuring-playbook-bridge-steam.md) |
@@ -172,7 +171,6 @@ Various services that don't fit any other categories.

 | Name | Default? | Description | Documentation |
 | ---- | -------- | ----------- | ------------- |
-| [synapse_auto_accept_invite](https://github.com/matrix-org/synapse-auto-accept-invite) | ❌ | Synapse module to automatically accept invites | [Link](docs/configuring-playbook-synapse-auto-accept-invite.md) |
 | [synapse_auto_compressor](https://github.com/matrix-org/rust-synapse-compress-state/#automated-tool-synapse_auto_compressor) | ❌ | Cli tool that automatically compresses `state_groups` database table in background | [Link](docs/configuring-playbook-synapse-auto-compressor.md) |
 | [Matrix Corporal](https://github.com/devture/matrix-corporal) (advanced) | ❌ | Reconciliator and gateway for a managed Matrix server | [Link](docs/configuring-playbook-matrix-corporal.md) |
 | [Matrix.to](https://github.com/matrix-org/matrix.to) | ❌ | Simple URL redirection service for the Matrix ecosystem | [Link](docs/configuring-playbook-matrixto.md) |
--- a/docs/configuring-playbook-bridge-appservice-slack.md
+++ b/docs/configuring-playbook-bridge-appservice-slack.md
@@ -1,157 +1,38 @@
 <!--
-SPDX-FileCopyrightText: 2019 - 2022 MDAD project contributors
+SPDX-FileCopyrightText: 2019 Edgars Voroboks
+SPDX-FileCopyrightText: 2019 Eduardo Beltrame
+SPDX-FileCopyrightText: 2019-2025 MDAD project contributors
+SPDX-FileCopyrightText: 2019-2025 Slavi Pantaleev
+SPDX-FileCopyrightText: 2020 Chris van Dijk
+SPDX-FileCopyrightText: 2020 Tulir Asokan
 SPDX-FileCopyrightText: 2020 Udo Rader
-SPDX-FileCopyrightText: 2021 - 2024 Slavi Pantaleev
+SPDX-FileCopyrightText: 2020 jens quade
 SPDX-FileCopyrightText: 2021 Joel Bennett
-SPDX-FileCopyrightText: 2024 - 2025 Suguru Hirahara
+SPDX-FileCopyrightText: 2022 Dennis Ciba
+SPDX-FileCopyrightText: 2022 Kim Brose
+SPDX-FileCopyrightText: 2022 Travis Ralston
+SPDX-FileCopyrightText: 2022 Vladimir Panteleev
+SPDX-FileCopyrightText: 2022 Yan Minagawa
 SPDX-FileCopyrightText: 2024 Fabio Bonelli
+SPDX-FileCopyrightText: 2024-2026 Suguru Hirahara

 SPDX-License-Identifier: AGPL-3.0-or-later
 -->

-# Setting up Appservice Slack bridging (optional)
+# Setting up Appservice Slack bridging (optional, removed)

-**Notes**:
- Bridging to [Slack](https://slack.com) can also happen via the [mautrix-slack](configuring-playbook-bridge-mautrix-slack.md) bridge supported by the playbook.
- Currently (as of November, 2024) **this component is not available for new installation unless you have already created a classic Slack application** (which the bridge makes use of in order to enable bridging between Slack and Matrix), because the creation of classic Slack applications has been discontinued since June 4 2024. The author of the bridge claims [here](https://github.com/matrix-org/matrix-appservice-slack/issues/789#issuecomment-2172947787) that he plans to support the modern Slack application and until then "the best (and only) option for new installations is to use the webhook bridging".
+🪦 The playbook used to be able to install and configure [matrix-appservice-slack](https://github.com/matrix-org/matrix-appservice-slack), but no longer includes this component, as it had been unavailable for new installation since 2024, and was finally abandoned because the public Matrix.org Slack bridge has been decommissioned on January 14th, 2026.

-The playbook can install and configure [matrix-appservice-slack](https://github.com/matrix-org/matrix-appservice-slack) for you.
+**Note**: Bridging to [Slack](https://slack.com) can also happen via the [mautrix-slack](configuring-playbook-bridge-mautrix-slack.md) bridge supported by the playbook.

-See the project's [documentation](https://github.com/matrix-org/matrix-appservice-slack/blob/master/README.md) to learn what it does and why it might be useful to you.
+## Uninstalling the component manually

-## Prerequisites
+If you still have matrix-appservice-slack installed on your Matrix server, the playbook can no longer help you uninstall it and you will need to do it manually. To uninstall manually, run these commands on the server:

-### Create a Classic Slack App
-
-First, you need to create a Classic Slack App [here](https://api.slack.com/apps?new_classic_app=1).
-
-Name the app "matrixbot" (or anything else you'll remember). Select the team/workspace this app will belong to. Click on bot users and add a new bot user. We will use this account to bridge the the rooms.
-
-Then, click on Event Subscriptions and enable them and use the request url: `https://matrix.example.com/appservice-slack`.
-
-Add the following events as `Bot User Events` and save:
-
- team_domain_change
- message.channels
- message.groups (if you want to bridge private channels)
- reaction_added
- reaction_removed
-
-Next, click on "OAuth & Permissions" and add the following scopes:
-
- chat:write:bot
- users:read
- reactions:write
- files:write:user (if you want to bridge files)
-
-**Note**: In order to make Slack files visible to Matrix users, this bridge will make Slack files visible to anyone with the url (including files in private channels). This is different than the current behavior in Slack, which only allows authenticated access to media posted in private channels. See MSC701 for details.
-
-Click on "Install App" and "Install App to Workspace". Note the access tokens shown. You will need the Bot User OAuth Access Token and if you want to bridge files, the OAuth Access Token whenever you link a room.
-
-### Create an administration control room on Matrix
-
-Create a new Matrix room to act as the administration control room.
-
-Note its internal room ID. This can be done in Element Web by sending a message, opening the options for that message and choosing "view source". The room ID will be displayed near the top.
-
-## Adjusting the playbook configuration
-
-To enable the bridge, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:
-
-```yaml
-matrix_appservice_slack_enabled: true
-matrix_appservice_slack_control_room_id: "Your Matrix admin room ID"
-
-# Uncomment to enable puppeting (optional, but recommended)
-# matrix_appservice_slack_puppeting_enabled: true
-# matrix_appservice_slack_puppeting_slackapp_client_id: "Your Classic Slack App Client ID"
-# matrix_appservice_slack_puppeting_slackapp_client_secret: "Your Classic Slack App Client Secret"
-
-# Uncomment to enable Team Sync (optional)
-# See https://matrix-appservice-slack.readthedocs.io/en/latest/team_sync/
-# matrix_appservice_slack_team_sync_enabled: true
-```
-
-### Extending the configuration
-
-There are some additional things you may wish to configure about the bridge.
-
-Take a look at:
-
- `roles/custom/matrix-bridge-appservice-slack/defaults/main.yml` for some variables that you can customize via your `vars.yml` file
- `roles/custom/matrix-bridge-appservice-slack/templates/config.yaml.j2` for the bridge's default configuration. You can override settings (even those that don't have dedicated playbook variables) using the `matrix_appservice_slack_configuration_extension_yaml` variable
-
-For example, to change the bot's username from `slackbot`, add the following configuration to your `vars.yml` file. Replace `examplebot` with your own.
-
-```yaml
-matrix_appservice_slack_configuration_extension_yaml: |
-  bot_username: "examplebot"
-```
-
-## Installing
-
-After configuring the playbook, run it with [playbook tags](playbook-tags.md) as below:
-
-<!-- NOTE: let this conservative command run (instead of install-all) to make it clear that failure of the command means something is clearly broken. -->
 ```sh
-ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
+systemctl disable --now matrix-appservice-slack.service
+
+rm -rf /matrix/appservice-slack
+
+/matrix/postgres/bin/cli-non-interactive -c 'DROP DATABASE matrix_appservice_slack;'
 ```
-
-The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`
-
-`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too.
-
-## Usage
-
-To use the bridge, you need to send `/invite @slackbot:example.com` to invite the bridge bot user into the admin room.
-
-If Team Sync is not enabled, for each channel you would like to bridge, perform the following steps:
-
- Create a Matrix room in the usual manner for your client. Take a note of its Matrix room ID — it will look something like `!qporfwt:example.com`.
- Invite the bot user to both the Slack and Matrix channels you would like to bridge using `/invite @matrixbot` for Slack and `/invite @slackbot:example.com` for Matrix.
- Determine the "channel ID" that Slack uses to identify the channel. You can see it when you open a given Slack channel in a browser. The URL reads like this: `https://app.slack.com/client/XXX/<the channel ID>/details/`.
- Issue a link command in the administration control room with these collected values as arguments:
-
-    with file bridging:
-
-    ```
-    link --channel_id CHANNELID --room !qporfwt:example.com --slack_bot_token xoxb-xxxxxxxxxx-xxxxxxxxxxxxxxxxxxxx --slack_user_token xoxp-xxxxxxxx-xxxxxxxxx-xxxxxxxx-xxxxxxxx
-    ```
-
-    without file bridging:
-
-    ```
-    link --channel_id CHANNELID --room !qporfwt:example.com --slack_bot_token xoxb-xxxxxxxxxx-xxxxxxxxxxxxxxxxxxxx
-    ```
-
-    These arguments can be shortened to single-letter forms:
-
-    ```
-    link -I CHANNELID -R !qporfwt:example.com -t xoxb-xxxxxxxxxx-xxxxxxxxxxxxxxxxxxxx
-    ```
-
-### Unlinking
-
-Channels can be unlinked again by sending this:
-
-```
-unlink --room !qporfwt:example.com
-```
-
-Unlinking doesn't only disconnect the bridge, but also makes the slackbot leave the bridged Matrix room. So in case you want to re-link later, don't forget to re-invite the slackbot into this room again.
-
-## Troubleshooting
-
-As with all other services, you can find the logs in [systemd-journald](https://www.freedesktop.org/software/systemd/man/systemd-journald.service.html) by logging in to the server with SSH and running `journalctl -fu matrix-appservice-slack`.
-
-### Linking: "Room is now pending-name"
-
-This typically means that you haven't used the correct Slack channel ID. Unlink the room and recheck 'Determine the "channel ID"' from above.
-
-### Messages work from Matrix to Slack, but not the other way around
-
-Check the logs, and if you find the message like below, unlink your room, reinvite the bot and re-link it again.
-
-`WARN SlackEventHandler Ignoring message from unrecognised Slack channel ID : %s (%s) <the channel ID> <some other ID>`
-
-This may particularly hit you, if you tried to unsuccessfully link your room multiple times without unlinking it after each failed attempt.
--- a/docs/configuring-playbook-bridge-mautrix-discord.md
+++ b/docs/configuring-playbook-bridge-mautrix-discord.md
@@ -1,11 +1,11 @@
 <!--
-SPDX-FileCopyrightText: 2018 - 2024 Slavi Pantaleev
 SPDX-FileCopyrightText: 2018 Hugues Morisset
-SPDX-FileCopyrightText: 2021 - 2022 MDAD project contributors
+SPDX-FileCopyrightText: 2018-2024 Slavi Pantaleev
+SPDX-FileCopyrightText: 2021, 2022 MDAD project contributors
 SPDX-FileCopyrightText: 2022 Abílio Costa
 SPDX-FileCopyrightText: 2022 Dennis Ciba
 SPDX-FileCopyrightText: 2022 Marko Weltzer
-SPDX-FileCopyrightText: 2024 - 2025 Suguru Hirahara
+SPDX-FileCopyrightText: 2024-2026 Suguru Hirahara

 SPDX-License-Identifier: AGPL-3.0-or-later
 -->
@@ -24,6 +24,8 @@ See the project's [documentation](https://docs.mau.fi/bridges/go/discord/index.h

 There are 3 ways to login to discord using this bridge, either by [scanning a QR code](https://docs.mau.fi/bridges/go/discord/authentication.html#qr-login) using the Discord mobile app, by using a [Discord token](https://docs.mau.fi/bridges/go/discord/authentication.html#token-login), **or** by using a [Discord bot token](https://docs.mau.fi/bridges/go/discord/authentication.html#bot-token-login).

+⚠️ QR code login is considered a self-bot and is forbidden by Discord. It can result in an account termination. See the [Discord policy](https://support.discord.com/hc/en-us/articles/115002192352-Automated-User-Accounts-Self-Bots).
+
 ### Enable Appservice Double Puppet or Shared Secret Auth (optional)

 If you want to set up [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do) for this bridge automatically, you need to have enabled [Appservice Double Puppet](configuring-playbook-appservice-double-puppet.md) or [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) service for this playbook.
@@ -98,4 +100,5 @@ matrix_mautrix_discord_logging_level: 'debug'
 ```

 ### Command requires room admin rights when user is creator
+
 [MSC4289](https://github.com/matrix-org/matrix-spec-proposals/blob/main/proposals/4289-privilege-creators.md), introduced in [room version 12](https://spec.matrix.org/unstable/rooms/v12/), gives creators an infinitley high powerlevel. At the time of implementation, mautrix-discord and similar applications may not identify creators as or above admins. Either a separate admin user will need to manage the bridge or the room version should be less than version 12.
--- a/docs/configuring-playbook-bridge-mautrix-slack.md
+++ b/docs/configuring-playbook-bridge-mautrix-slack.md
@@ -11,10 +11,6 @@ SPDX-License-Identifier: AGPL-3.0-or-later

 <sup>Refer the common guide for configuring mautrix bridges: [Setting up a Generic Mautrix Bridge](configuring-playbook-bridge-mautrix-bridges.md)</sup>

-**Note**: bridging to [Slack](https://slack.com/) can also happen via the [matrix-appservice-slack](configuring-playbook-bridge-appservice-slack.md) bridge supported by the playbook.
- For using as a Bot we recommend the [Appservice Slack](configuring-playbook-bridge-appservice-slack.md), because it supports plumbing. Note that it is not available for new installation unless you have already created a classic Slack application, because the creation of classic Slack applications, which this bridge makes use of, has been discontinued.
- For personal use with a slack account we recommend the `mautrix-slack` bridge (the one being discussed here), because it is the most fully-featured and stable of the 3 Slack bridges supported by the playbook.
-
 The playbook can install and configure [mautrix-slack](https://github.com/mautrix/slack) for you.

 See the project's [documentation](https://docs.mau.fi/bridges/go/slack/index.html) to learn what it does and why it might be useful to you.
@@ -25,7 +21,7 @@ See the [features and roadmap](https://github.com/mautrix/slack/blob/main/ROADMA

 For using this bridge, you would need to authenticate by **providing your username and password** (legacy) or by using a **token login**. See more information in the [docs](https://docs.mau.fi/bridges/go/slack/authentication.html).

-Note that neither of these methods are officially supported by Slack. [matrix-appservice-slack](configuring-playbook-bridge-appservice-slack.md) uses a Slack bot account which is the only officially supported method for bridging a Slack channel.
+Note that neither of these methods are officially supported by Slack.

 ### Enable Appservice Double Puppet (optional)

--- a/docs/configuring-playbook-continuwuity.md
+++ b/docs/configuring-playbook-continuwuity.md
@@ -58,9 +58,14 @@ matrix_continuwuity_environment_variables_extension: |

 Unlike other homeserver implementations (like Synapse and Dendrite), continuwuity does not support creating users via the command line or via the playbook.

-If you followed the instructions above (see [Adjusting the playbook configuration](#adjusting-the-playbook-configuration)), you should have registration enabled and protected by a registration token.
+On first startup, Continuwuity creates a special one-time-use registration token and logs it to the server's console. To access this, you will need to SSH into the server and run the following command:

-This should allow you to create the first user account via any client (like [Element Web](./configuring-playbook-client-element-web.md)) which supports creating users.
+```sh
+# Adjust the duration if necessary or remove the whole --since argument
+journalctl -u matrix-continuwuity.service --since="10 minutes ago"
+```
+
+Find the token, highlight it, and copy it (ctrl+shift+C). This token should allow you to create the first user account via any client (like [Element Web](./configuring-playbook-client-element-web.md)) which supports creating users.

 The **first user account that you create will be marked as an admin** and **will be automatically invited to an admin room**.

--- a/docs/configuring-playbook-email.md
+++ b/docs/configuring-playbook-email.md
@@ -17,6 +17,16 @@ The [Ansible role for exim-relay](https://github.com/mother-of-all-self-hosting/
 - 🌐 [the role's documentation at the MASH project](https://github.com/mother-of-all-self-hosting/ansible-role-exim-relay/blob/main/docs/configuring-exim-relay.md) online
 - 📁 `roles/galaxy/exim_relay/docs/configuring-exim-relay.md` locally, if you have [fetched the Ansible roles](installing.md#update-ansible-roles)

+## Why use exim-relay?
+
+**Benefits of using exim-relay** instead of configuring SMTP directly in each service:
+
+1. **Final delivery capability**: Can deliver emails directly if you don't have an SMTP server
+
+2. **Centralized configuration**: Configure your upstream SMTP server once in exim-relay, then point all services ([Synapse](configuring-playbook-synapse.md), [Matrix Authentication Service](configuring-playbook-matrix-authentication-service.md), etc.) there—no need to configure SMTP in each component
+
+3. **Local spooling**: Stores messages locally and retries delivery if your upstream SMTP server is temporarily unavailable
+
 ## Firewall settings

 No matter whether you send email directly (the default) or you relay email through another host, you'll probably need to allow outgoing traffic for TCP ports 25/587 (depending on configuration).
--- a/docs/configuring-playbook-jitsi.md
+++ b/docs/configuring-playbook-jitsi.md
@@ -18,6 +18,9 @@ SPDX-License-Identifier: AGPL-3.0-or-later

 The playbook can install and configure the [Jitsi](https://jitsi.org/) video-conferencing platform for you.

+Because Jitsi still requires a TURN server, enabling Jitsi
+automatically enables coturn (`coturn_enabled: true`) unless you explicitly disable it.
+
 Jitsi is an open source video-conferencing platform. It can not only be integrated with Element clients ([Element Web](configuring-playbook-client-element-web.md)/Desktop, Android and iOS) as a widget, but also be used as standalone web app.

 💡 If you're into experimental technology, you may also be interested in trying out [Element Call](configuring-playbook-element-call.md) - a native Matrix video conferencing application.
--- a/docs/configuring-playbook-livekit-server.md
+++ b/docs/configuring-playbook-livekit-server.md
@@ -31,8 +31,39 @@ To ensure LiveKit Server functions correctly, the following firewall rules and p

 💡 The suggestions above are inspired by the upstream [Ports and Firewall](https://docs.livekit.io/home/self-hosting/ports-firewall/) documentation based on how LiveKit is configured in the playbook. If you've using custom configuration for the LiveKit Server role, you may need to adjust the firewall rules accordingly.

+## TURN TLS handling
+
+When `matrix_playbook_reverse_proxy_type` is `playbook-managed-traefik` (which is the default for this playbook), TURN over TCP is terminated by Traefik and forwarded to LiveKit with `turn.external_tls = true`. In this playbook default, this mode is enabled automatically when SSL is enabled and TURN is enabled.
+
+- The playbook installs a dedicated Traefik TCP entrypoint for TURN (`matrix-livekit-turn`) by default and binds it to `tcp/5350`.
+- `livekit_server_config_turn_external_tls` is automatically enabled for this setup.
+- Because Traefik handles TLS, LiveKit no longer needs certificate-file paths for TURN in this mode.
+
+To opt out and keep TURN TLS termination in LiveKit itself, set:
+
+```yml
+livekit_server_config_turn_external_tls: false
+```
+
+In this playbook, certificate paths are managed automatically via `group_vars/matrix_servers` when certificate dumping is enabled.
+
+If your setup uses `other-traefik-container` or [another reverse-proxy](./configuring-playbook-own-webserver.md), behavior is unchanged by default and still relies on certificates being available inside the container as before.
+
+Deployments using `other-traefik-container` can opt into the same Traefik-terminated mode there, by setting:
+
+```yml
+livekit_server_config_turn_external_tls: true
+livekit_server_container_labels_turn_traefik_enabled: true
+livekit_server_container_labels_turn_traefik_entrypoints: "<your-livekit-turn-traffic-entrypoint>"
+```
+
+and configuring their own Traefik TCP entrypoint dedicated to LiveKit TURN traffic.
+
 ## Limitations

-For some reason, LiveKit Server's TURN ports (`3479/udp` and `5350/tcp`) are not reachable over IPv6 regardless of whether you've [enabled IPv6](./configuring-ipv6.md) for your server.
+LiveKit Server's TURN listener behavior depends on where TLS is terminated:

-It seems like LiveKit Server intentionally only listens on `udp4` and `tcp4` as seen [here](https://github.com/livekit/livekit/blob/154b4d26b769c68a03c096124094b97bf61a996f/pkg/service/turn.go#L128) and [here](https://github.com/livekit/livekit/blob/154b4d26b769c68a03c096124094b97bf61a996f/pkg/service/turn.go#L92).
+- Direct LiveKit TURN listeners (`livekit_server_config_turn_external_tls: false`) still use IPv4-only sockets for `3479/udp` and `5350/tcp`, so IPv6 connectivity to these endpoints is not possible.
+- With [TURN TLS handling](#turn-tls-handling) (`livekit_server_config_turn_external_tls: true`), the playbook's dedicated `matrix-livekit-turn` TCP entrypoint can still listen on both IPv4 and IPv6. Traefik then forwards TURN/TCP to LiveKit.
+
+It appears that LiveKit Server intentionally only listens on `udp4` and `tcp4` in direct mode, as seen [here](https://github.com/livekit/livekit/blob/154b4d26b769c68a03c096124094b97bf61a996f/pkg/service/turn.go#L128) and [here](https://github.com/livekit/livekit/blob/154b4d26b769c68a03c096124094b97bf61a996f/pkg/service/turn.go#L92).
--- a/docs/configuring-playbook-prometheus-grafana.md
+++ b/docs/configuring-playbook-prometheus-grafana.md
@@ -83,7 +83,7 @@ See the project's [documentation](https://github.com/martin-helmich/prometheus-n
 To enable it, add the following configuration to your `vars.yml` file:

 ```yaml
-matrix_prometheus_nginxlog_exporter_enabled: true
+prometheus_nginxlog_exporter_enabled: true
 ```

 If you enable Grafana, a dedicated `NGINX PROXY` Grafana dashboard will be created.
@@ -95,8 +95,8 @@ If you enable Grafana, a dedicated `NGINX PROXY` Grafana dashboard will be creat
 At the moment of writing only images for `amd64` and `arm64` architectures are available. The playbook currently does not support [self-building](./self-building.md) a container image on other architectures. You can however use a custom-build image by setting:

 ```yaml
-matrix_prometheus_nginxlog_exporter_docker_image_arch_check_enabled: false
-matrix_prometheus_nginxlog_exporter_docker_image: path/to/docker/image:tag
+prometheus_nginxlog_exporter_container_image_arch_check_enabled: false
+prometheus_nginxlog_exporter_container_image: path/to/docker/image:tag
 ```

 ### Extending the configuration
@@ -106,7 +106,7 @@ There are some additional things you may wish to configure about Prometheus and
 Take a look at:

 - [Prometheus role](https://github.com/mother-of-all-self-hosting/ansible-role-prometheus)'s [`defaults/main.yml`](https://github.com/mother-of-all-self-hosting/ansible-role-prometheus/blob/main/defaults/main.yml) for some variables that you can customize via your `vars.yml` file. You can override settings (even those that don't have dedicated playbook variables) using the `prometheus_configuration_extension_yaml` variable
- `roles/custom/matrix-prometheus-nginxlog-exporter/defaults/main.yml` for some variables that you can customize via your `vars.yml` file
+- `roles/galaxy/prometheus_nginxlog_exporter/defaults/main.yml` for some variables that you can customize via your `vars.yml` file

 ## Adjusting the playbook configuration — Grafana

@@ -181,8 +181,8 @@ Name | Description
 `prometheus_node_exporter_container_labels_traefik_enabled`|Set this to `true` to expose the node (general system stats) metrics on `https://matrix.example.com/metrics/node-exporter`.
 `prometheus_postgres_exporter_enabled`|Set this to `true` to enable the [Postgres exporter](#enable-metrics-and-graphs-for-postgres-optional) (locally, on the container network).
 `prometheus_postgres_exporter_container_labels_traefik_enabled`|Set this to `true` to expose the [Postgres exporter](#enable-metrics-and-graphs-for-postgres-optional) metrics on `https://matrix.example.com/metrics/postgres-exporter`.
-`matrix_prometheus_nginxlog_exporter_enabled`|Set this to `true` to enable the [nginx Log exporter](#enable-metrics-and-graphs-for-nginx-logs-optional) (locally, on the container network).
-`matrix_prometheus_nginxlog_exporter_metrics_proxying_enabled`|Set this to `true` to expose the [nginx Log exporter](#enable-metrics-and-graphs-for-nginx-logs-optional) metrics on `https://matrix.example.com/metrics/nginxlog`.
+`prometheus_nginxlog_exporter_enabled`|Set this to `true` to enable the [prometheus-nginxlog-exporter](#enable-metrics-and-graphs-for-nginx-logs-optional) (locally, on the container network).
+`prometheus_nginxlog_exporter_container_labels_traefik_enabled`|Set this to `true` to expose the [prometheus-nginxlog-exporter](#enable-metrics-and-graphs-for-nginx-logs-optional) metrics on `https://matrix.example.com/metrics/nginxlog`.

 ### Expose metrics of other services/roles

--- a/docs/configuring-playbook-synapse-admin.md
+++ b/docs/configuring-playbook-synapse-admin.md
@@ -1,24 +1,26 @@
 <!--
-SPDX-FileCopyrightText: 2020 - 2024 MDAD project contributors
-SPDX-FileCopyrightText: 2020 - 2024 Slavi Pantaleev
+SPDX-FileCopyrightText: 2020-2024 MDAD project contributors
+SPDX-FileCopyrightText: 2020-2024 Slavi Pantaleev
 SPDX-FileCopyrightText: 2021 Aaron Raimist
 SPDX-FileCopyrightText: 2023 Christian González
-SPDX-FileCopyrightText: 2024 - 2025 Suguru Hirahara
 SPDX-FileCopyrightText: 2024 Nikita Chernyi
 SPDX-FileCopyrightText: 2024 Uğur İLTER
+SPDX-FileCopyrightText: 2024-2026 Suguru Hirahara

 SPDX-License-Identifier: AGPL-3.0-or-later
 -->

 # Setting up Synapse Admin (optional)

-The playbook can install and configure [etkecc/synapse-admin](https://github.com/etkecc/synapse-admin) (a [feature-rich](https://github.com/etkecc/synapse-admin#fork-differences) fork of [Awesome-Technologies/synapse-admin](https://github.com/Awesome-Technologies/synapse-admin), community room: [#synapse-admin:etke.cc](https://matrix.to/#/#synapse-admin:etke.cc)) for you.
+The playbook can install and configure Synapse Admin for you.

-synapse-admin is a web UI tool you can use to **administrate users, rooms, media, etc. on your Matrix server**. It's designed to work with the Synapse homeserver implementation and WON'T work with Dendrite because [Dendrite Admin API](https://element-hq.github.io/dendrite/administration/adminapi) differs from [Synapse Admin API](https://element-hq.github.io/synapse/latest/usage/administration/admin_api/).
+Synapse Admin is a web UI tool you can use to **administrate users, rooms, media, etc. on your Matrix homeserver**. This playbook is configured to install [etkecc/synapse-admin](https://github.com/etkecc/synapse-admin), which is a [feature-rich](https://github.com/etkecc/synapse-admin#fork-differences) fork of [Awesome-Technologies/synapse-admin](https://github.com/Awesome-Technologies/synapse-admin).

-💡 **Note**: the latest version of synapse-admin is hosted by [etke.cc](https://etke.cc/) at [admin.etke.cc](https://admin.etke.cc/). If you only need this service occasionally and trust giving your admin credentials to a 3rd party Single Page Application, you can consider using it from there and avoiding the (small) overhead of self-hosting.
-
-💡 **Note**: The playbook also supports an alternative management UI in the shape of [Element Admin](./configuring-playbook-element-admin.md). However, it's currently less feature-rich than Synapse Admin and has a dependency on [Matrix Authentication Service](./configuring-playbook-matrix-authentication-service.md).
+>[!NOTE]
+>
+> - Synapse Admin does not work with other homeserver implementations than Synapse due to API's incompatibility.
+> - The latest version of Synapse Admin is hosted by [etke.cc](https://etke.cc/) at [admin.etke.cc](https://admin.etke.cc/). If you only need this service occasionally and trust giving your admin credentials to a 3rd party Single Page Application, you can consider using it from there and avoiding the (small) overhead of self-hosting.
+> - This playbook also supports an alternative management UI in the shape of [Element Admin](./configuring-playbook-element-admin.md). Please note that it's currently less feature-rich than Synapse Admin and requires [Matrix Authentication Service](./configuring-playbook-matrix-authentication-service.md).

 ## Adjusting DNS records (optional)

@@ -87,3 +89,5 @@ To use Synapse Admin, you need to have [registered at least one administrator ac
 ## Troubleshooting

 As with all other services, you can find the logs in [systemd-journald](https://www.freedesktop.org/software/systemd/man/systemd-journald.service.html) by logging in to the server with SSH and running `journalctl -fu matrix-synapse-admin`.
+
+If you have questions, you can join this community room and feel free to ask: [#synapse-admin:etke.cc](https://matrix.to/#/#synapse-admin:etke.cc)
--- a/docs/configuring-playbook-synapse-auto-accept-invite.md
+++ b/docs/configuring-playbook-synapse-auto-accept-invite.md
@@ -1,45 +1,26 @@
 <!--
-SPDX-FileCopyrightText: 2024 MDAD project contributors
-SPDX-FileCopyrightText: 2024 Slavi Pantaleev
-SPDX-FileCopyrightText: 2024 Suguru Hirahara
+SPDX-FileCopyrightText: 2019 Eduardo Beltrame
+SPDX-FileCopyrightText: 2019-2025 Slavi Pantaleev
+SPDX-FileCopyrightText: 2020 Tulir Asokan
+SPDX-FileCopyrightText: 2021, 2024 MDAD project contributors
+SPDX-FileCopyrightText: 2022 Dennis Ciba
+SPDX-FileCopyrightText: 2022 Vladimir Panteleev
+SPDX-FileCopyrightText: 2023 Justin Croonenberghs
+SPDX-FileCopyrightText: 2023 Kuba Orlik
+SPDX-FileCopyrightText: 2023 Pierre 'McFly' Marty
+SPDX-FileCopyrightText: 2023 Samuel Meenzen
+SPDX-FileCopyrightText: 2024 Fabio Bonelli
+SPDX-FileCopyrightText: 2024-2026 Suguru Hirahara

 SPDX-License-Identifier: AGPL-3.0-or-later
 -->

-# Setting up Synapse Auto Invite Accept (optional)
+# Setting up Synapse Auto Invite Accept (optional, removed)

-The playbook can install and configure [synapse-auto-invite-accept](https://github.com/matrix-org/synapse-auto-accept-invite) for you.
-
-In short, it automatically accepts room invites. You can specify that only 1:1 room invites are auto-accepted. Defaults to false if not specified.
-
-See the project's [documentation](https://github.com/matrix-org/synapse-auto-accept-invite/blob/main/README.md) to learn what it does and why it might be useful to you.
-
-**Note**: Synapse [v1.109.0](https://github.com/element-hq/synapse/releases/tag/v1.109.0), the same feature [has been merged](https://github.com/element-hq/synapse/pull/17147) into Synapse (see the [Native alternative](#native-alternative) section below). You'd better use the native feature, instead of the [synapse-auto-invite-accept](https://github.com/matrix-org/synapse-auto-accept-invite) 3rd party module.
-
-## Adjusting the playbook configuration
-
-If you decide that you'd like to let this playbook install the [synapse-auto-invite-accept](https://github.com/matrix-org/synapse-auto-accept-invite module for you, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file:
-
-```yaml
-matrix_synapse_ext_synapse_auto_accept_invite_enabled: true
-
-matrix_synapse_ext_synapse_auto_accept_invite_accept_invites_only_direct_messages: true
-```
-
-### Synapse worker deployments
-
-In a [workerized Synapse deployment](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/c9a842147e09647c355799ca024d65a5de66b099/docs/configuring-playbook-synapse.md#load-balancing-with-workers) it is possible to run this module on a worker to reduce the load on the main process (Default is `null`). For example, add this to your configuration:
-
-```yaml
-matrix_synapse_ext_synapse_auto_accept_invite_worker_to_run_on: 'matrix-synapse-worker-generic-0'
-```
-
-There might be an [issue with federation](https://github.com/matrix-org/synapse-auto-accept-invite/issues/18).
+🪦 The playbook used to be able to install and configure [synapse-auto-invite-accept](https://github.com/matrix-org/synapse-auto-accept-invite), but no longer includes this component, as the same functionality [has been integrated](https://github.com/element-hq/synapse/pull/17147) to Synapse since [v1.109.0](https://github.com/element-hq/synapse/releases/tag/v1.109.0).

 ## Native alternative

-Since Synapse [v1.109.0](https://github.com/element-hq/synapse/releases/tag/v1.109.0), the functionality provided by the [synapse-auto-invite-accept](https://github.com/matrix-org/synapse-auto-accept-invite) 3rd party module [has been made](https://github.com/element-hq/synapse/pull/17147) part of Synapse.
-
 Here's example configuration for using the **native** Synapse feature:

 ```yaml
--- a/docs/configuring-playbook-synapse.md
+++ b/docs/configuring-playbook-synapse.md
@@ -80,6 +80,29 @@ A separate Ansible role (`matrix-synapse-reverse-proxy-companion`) and component

 In case any problems occur, make sure to have a look at the [list of synapse issues about workers](https://github.com/element-hq/synapse/issues?q=workers+in%3Atitle) and your `journalctl --unit 'matrix-*'`.

+### Limit joining heavy rooms on constrained hosts
+
+If your server is underpowered, joining heavy rooms can cause Synapse to consume a lot of resources and be unavailable for long (while it catches up).
+
+To avoid this, Synapse can be configured to reject joins for remote rooms that are too complex before users enter them.
+
+Complexity is computed as `current_state_events / 500` (Synapse state event count for current room state). When the resulting value is higher than `matrix_synapse_limit_remote_rooms_complexity` and `matrix_synapse_limit_remote_rooms_enabled` is `true`, Synapse blocks joining the room.
+
+We recommend using this as a guardrail on low-resource servers:
+
+```yaml
+matrix_synapse_limit_remote_rooms_enabled: true
+
+# Tweak as necessary
+matrix_synapse_limit_remote_rooms_complexity: 1.0
+
+# Uncomment and tweak if necessary
+# matrix_synapse_limit_remote_rooms_complexity_error: "Your homeserver is unable to join rooms this large or complex. Please speak to your server administrator, or upgrade your instance to join this room."
+
+# If you'd like your admins to be exempt from this limit, uncomment the line below
+# matrix_synapse_limit_remote_rooms_admins_can_join: true
+```
+
 ### Synapse + OpenID Connect for Single-Sign-On

 💡 An alternative to setting up OIDC in Synapse is to use [Matrix Authentication Service](./configuring-playbook-matrix-authentication-service.md) (MAS). Newer clients (like Element X) only support SSO-based authentication via MAS and not via the legacy Synapse OIDC setup described below. That said, MAS is still a new experimental service which comes with its own downsides. Consult its documentation to learn if it will be a good fit for your deployment.
--- a/docs/configuring-playbook-turn.md
+++ b/docs/configuring-playbook-turn.md
@@ -13,34 +13,48 @@ SPDX-License-Identifier: AGPL-3.0-or-later

 # Configuring a TURN server (optional, advanced)

-By default, this playbook installs and configures the [coturn](https://github.com/coturn/coturn) as a TURN server, through which clients can make audio/video calls even from [NAT](https://en.wikipedia.org/wiki/Network_address_translation)-ed networks. It also configures the Synapse chat server by default, so that it points to the coturn TURN server installed by the playbook. If that's okay, you can skip this document.
+By default, the [coturn](https://github.com/coturn/coturn) TURN server component is enabled automatically only when [Jitsi](configuring-playbook-jitsi.md) is enabled. If you're not using Jitsi, coturn is not enabled by default.

-If you'd like to stop the playbook installing the server, see the section [below](#disabling-coturn) to check the configuration for disabling it.
+If you explicitly need coturn while not using Jitsi, enable it with:
+
+```yaml
+coturn_enabled: true
+```
+
+and configure its IP-related settings in the section below.
+
+If you'd like coturn to stay disabled even when Jitsi is enabled, or if you prefer to use an external TURN provider, see [disabling coturn](#disabling-coturn) section below.
+
+When Coturn is not enabled, homeservers (like Synapse) would not point to TURN servers and *legacy* audio/video call functionality may fail. If you're using [Matrix RTC](configuring-playbook-rtc.md) (for [Element Call](configuring-playbook-element-call.md)), you likely don't have a need to enable coturn.
+
+## Adjusting firewall rules
+
+To ensure Coturn functions correctly, the following firewall rules and port forwarding settings are required when coturn is enabled:
+
+- `3478/tcp`: STUN/TURN over TCP
+- `3478/udp`: STUN/TURN over UDP
+- `5349/tcp`: TURN over TCP
+- `5349/udp`: TURN over UDP
+- `49152-49172/udp`: TURN/UDP relay range
+
+💡 Docker configures the server's internal firewall for you. In most cases, you don't need to do anything special on the host itself.

 ## Adjusting the playbook configuration

 ### Define public IP manually (optional)

-In the `hosts` file we explicitly ask for your server's external IP address when defining `ansible_host`, because the same value is used for configuring coturn.
-
-If you'd rather use a local IP for `ansible_host`, add the following configuration to your `vars.yml` file. Make sure to replace `YOUR_PUBLIC_IP` with the pubic IP used by the server.
+If you enable coturn (either via Jitsi or manually), we recommend that you configure the public IP addresses of your server in the `vars.yml` file:

 ```yaml
-coturn_turn_external_ip_address: "YOUR_PUBLIC_IP"
+# You can define multiple IP addresses if your server has multiple external IP addresses
+coturn_turn_external_ip_addresses: ["YOUR_PUBLIC_IP"]
 ```

-If you'd like to rely on external IP address auto-detection (not recommended unless you need it), set an empty value to the variable. The playbook will automatically contact an [echoip](https://github.com/mpolden/echoip)-compatible service (`https://ifconfig.co/json` by default) to determine your server's IP address. This API endpoint is configurable via the `coturn_turn_external_ip_address_auto_detection_echoip_service_url` variable.
+If you'd like to rely on external IP address auto-detection (not recommended unless you need it), avoid configuring this variable. The playbook will automatically contact an [echoip](https://github.com/mpolden/echoip)-compatible service (`https://ifconfig.co/json` by default) to determine your server's IP address. This API endpoint is configurable via the `coturn_turn_external_ip_address_auto_detection_echoip_service_url` variable.

 >[!NOTE]
 > You can self-host the echoip service by using the [Mother-of-All-Self-Hosting (MASH)](https://github.com/mother-of-all-self-hosting/mash-playbook) Ansible playbook. See [this page](https://github.com/mother-of-all-self-hosting/mash-playbook/blob/main/docs/services/echoip.md) for the instruction to install it with the playbook. If you are wondering how to use it for your Matrix server, refer to [this page](https://github.com/mother-of-all-self-hosting/mash-playbook/blob/main/docs/setting-up-services-on-mdad-server.md) for the overview.

-If your server has multiple external IP addresses, the coturn role offers a different variable for specifying them:
-
-```yaml
-# Note: coturn_turn_external_ip_addresses is different than coturn_turn_external_ip_address
-coturn_turn_external_ip_addresses: ['1.2.3.4', '4.5.6.7']
-```
-
 ### Change the authentication mechanism (optional)

 The playbook uses the [`auth-secret` authentication method](https://github.com/coturn/coturn/blob/873cabd6a2e5edd7e9cc5662cac3ffe47fe87a8e/README.turnserver#L186-L199) by default, but you may switch to the [`lt-cred-mech` method](https://github.com/coturn/coturn/blob/873cabd6a2e5edd7e9cc5662cac3ffe47fe87a8e/README.turnserver#L178) which [some report](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/3191) to be working better.
@@ -119,14 +133,14 @@ Take a look at:

 ## Disabling coturn

-If, for some reason, you'd like for the playbook to not install coturn (or to uninstall it if it was previously installed), add the following configuration to your `vars.yml` file:
+Coturn is only enabled by default when [Jitsi](configuring-playbook-jitsi.md) is enabled. In most instances, you don't need to explicitly disable it.
+
+To force the playbook to not install Coturn (even when Jitsi is enabled), add the following configuration to your `vars.yml` file:

 ```yaml
 coturn_enabled: false
 ```

-In that case, Synapse would not point to any coturn servers and audio/video call functionality may fail.
-
 ## Installing

 After configuring the playbook, run it with [playbook tags](playbook-tags.md) as below:
--- a/docs/configuring-playbook.md
+++ b/docs/configuring-playbook.md
@@ -162,8 +162,6 @@ Bridges can be used to connect your Matrix installation with third-party communi

 - [Setting up Appservice Discord bridging](configuring-playbook-bridge-appservice-discord.md)

- [Setting up Appservice Slack bridging](configuring-playbook-bridge-appservice-slack.md)
-
 - [Setting up Appservice Kakaotalk bridging](configuring-playbook-bridge-appservice-kakaotalk.md)

 - [Setting up Beeper LinkedIn bridging](configuring-playbook-bridge-beeper-linkedin.md)
@@ -235,8 +233,6 @@ Various services that don't fit any other categories.

 - [Setting up Matrix RTC](configuring-playbook-matrix-rtc.md) (optional)

- [Setting up Synapse Auto Invite Accept](configuring-playbook-synapse-auto-accept-invite.md)
-
 - [Setting up synapse-auto-compressor](configuring-playbook-synapse-auto-compressor.md) for compressing the database on Synapse homeservers

 - [Setting up Matrix Corporal](configuring-playbook-matrix-corporal.md) (advanced)
@@ -263,6 +259,8 @@ Various services that don't fit any other categories.

 - [Setting up the Sliding Sync proxy](configuring-playbook-sliding-sync-proxy.md) for clients which require Sliding Sync support (like old Element X versions, before it got switched to Simplified Sliding Sync)

+- [Setting up Appservice Slack bridging](configuring-playbook-bridge-appservice-slack.md) (removed; this component has been discontinued)
+
 - [Setting up Appservice Webhooks bridging](configuring-playbook-bridge-appservice-webhooks.md) (deprecated; the bridge's author suggests taking a look at [matrix-hookshot](https://github.com/matrix-org/matrix-hookshot) as a replacement, which can also be [installed using this playbook](configuring-playbook-bridge-hookshot.md))

 - [Setting up the Dimension integration manager](configuring-playbook-dimension.md) ([unmaintained](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2806#issuecomment-1673559299); after [installing](installing.md))
@@ -290,3 +288,5 @@ Various services that don't fit any other categories.
 - [Setting up MX Puppet Slack bridging](configuring-playbook-bridge-mx-puppet-slack.md) (removed; this component has been unmaintained for a long time, so it has been removed from the playbook. Consider [setting up Mautrix Slack bridging](configuring-playbook-bridge-mautrix-slack.md))

 - [Setting up MX Puppet Twitter bridging](configuring-playbook-bridge-mx-puppet-twitter.md) (removed; this component has been unmaintained for a long time, so it has been removed from the playbook. Consider [setting up Mautrix Twitter bridging](configuring-playbook-bridge-mautrix-twitter.md))
+
+- [Setting up Synapse Auto Invite Accept](configuring-playbook-synapse-auto-accept-invite.md) (removed; since Synapse [v1.109.0](https://github.com/element-hq/synapse/releases/tag/v1.109.0) the same feature is available natively.)
--- a/docs/container-images.md
+++ b/docs/container-images.md
@@ -101,7 +101,6 @@ Bridges can be used to connect your Matrix installation with third-party communi
 | [matrix-appservice-irc](configuring-playbook-bridge-appservice-irc.md) | [matrixdotorg/matrix-appservice-irc](https://hub.docker.com/r/matrixdotorg/matrix-appservice-irc) | ❌ | Bridge to [IRC](https://wikipedia.org/wiki/Internet_Relay_Chat) |
 | [matrix-appservice-kakaotalk](configuring-playbook-bridge-appservice-kakaotalk.md) | Self-building | ❌ | Bridge to [Kakaotalk](https://www.kakaocorp.com/page/service/service/KakaoTalk?lang=ENG) |
 | [matrix-appservice-discord](configuring-playbook-bridge-appservice-discord.md) | [matrix-org/matrix-appservice-discord](https://ghcr.io/matrix-org/matrix-appservice-discord) | ❌ | Bridge to [Discord](https://discordapp.com/) |
-| [matrix-appservice-slack](configuring-playbook-bridge-appservice-slack.md) | [matrixdotorg/matrix-appservice-slack](https://hub.docker.com/r/matrixdotorg/matrix-appservice-slack) | ❌ | Bridge to [Slack](https://slack.com/) |
 | [matrix-hookshot](configuring-playbook-bridge-hookshot.md) | [halfshot/matrix-hookshot](https://hub.docker.com/r/halfshot/matrix-hookshot) | ❌ | Bridge for generic webhooks and multiple project management services, such as GitHub, GitLab, Figma, and Jira in particular |
 | [matrix-sms-bridge](configuring-playbook-bridge-matrix-bridge-sms.md) | [folivonet/matrix-sms-bridge](https://hub.docker.com/repository/docker/folivonet/matrix-sms-bridge) | ❌ | Bridge to SMS |
 | [matrix-wechat](configuring-playbook-bridge-wechat.md) | [lxduo/matrix-wechat](https://hub.docker.com/r/lxduo/matrix-wechat) | ❌ | Bridge to [WeChat](https://www.wechat.com/) |
@@ -150,7 +149,6 @@ Various services that don't fit any other categories.

 | Service | Container image | Default? | Description |
 | ------- | --------------- | -------- | ----------- |
-| [synapse_auto_accept_invite](configuring-playbook-synapse-auto-accept-invite.md) | (N/A) | ❌ | Synapse module to automatically accept invites |
 | [synapse_auto_compressor](configuring-playbook-synapse-auto-compressor.md) | [mb-saces/rust-synapse-tools](https://gitlab.com/mb-saces/rust-synapse-tools/container_registry) | ❌ | Cli tool that automatically compresses Synapse's `state_groups` database table in background |
 | [Matrix Corporal](configuring-playbook-matrix-corporal.md) (advanced) | [devture/matrix-corporal](https://hub.docker.com/r/devture/matrix-corporal/) | ❌ | Reconciliator and gateway for a managed Matrix server |
 | [Etherpad](configuring-playbook-etherpad.md) | [etherpad/etherpad](https://hub.docker.com/r/etherpad/etherpad/) | ❌ | Open source collaborative text editor |
@@ -176,6 +174,7 @@ The list of the deprecated or unmaintained services is available [here](configur
 | [Email2Matrix](configuring-playbook-email2matrix.md) | [devture/email2matrix](https://hub.docker.com/r/devture/email2matrix/) | ❌ | Bridge for relaying emails to Matrix rooms |
 | [Go-NEB](configuring-playbook-bot-go-neb.md) | [matrixdotorg/go-neb](https://hub.docker.com/r/matrixdotorg/go-neb) | ❌ | Multi functional bot written in Go |
 | [ma1sd](configuring-playbook-ma1sd.md) | [ma1uta/ma1sd](https://hub.docker.com/r/ma1uta/ma1sd/) | ❌ | Matrix Identity Server |
+| [matrix-appservice-slack](configuring-playbook-bridge-appservice-slack.md) | [matrixdotorg/matrix-appservice-slack](https://hub.docker.com/r/matrixdotorg/matrix-appservice-slack) | ❌ | Bridge to [Slack](https://slack.com/) |
 | [matrix-appservice-webhooks](configuring-playbook-bridge-appservice-webhooks.md) | [turt2live/matrix-appservice-webhooks](https://hub.docker.com/r/turt2live/matrix-appservice-webhooks) | ❌ | Bridge for slack compatible webhooks ([ConcourseCI](https://concourse-ci.org/), [Slack](https://slack.com/) etc. pp.) |
 | [matrix-chatgpt-bot](configuring-playbook-bot-chatgpt.md) | [matrixgpt/matrix-chatgpt-bot](https://ghcr.io/matrixgpt/matrix-chatgpt-bot) | ❌ | Accessing ChatGPT via your favourite Matrix client |
 | [mautrix-facebook](configuring-playbook-bridge-mautrix-facebook.md) | [mautrix/facebook](https://mau.dev/mautrix/facebook/container_registry) | ❌ | Bridge to [Facebook](https://facebook.com/) |
@@ -185,3 +184,4 @@ The list of the deprecated or unmaintained services is available [here](configur
 | [mx-puppet-slack](configuring-playbook-bridge-mx-puppet-slack.md) | [mx-puppet/slack/mx-puppet-slack](https://gitlab.com/mx-puppet/slack/mx-puppet-slack/container_registry) | ❌ | Bridge to [Slack](https://slack.com) |
 | [mx-puppet-twitter](configuring-playbook-bridge-mx-puppet-twitter.md) | [sorunome/mx-puppet-twitter](https://hub.docker.com/r/sorunome/mx-puppet-twitter) | ❌ | Bridge for Twitter-DMs ([Twitter](https://twitter.com/)) |
 | [sliding-sync](configuring-playbook-sliding-sync-proxy.md) | [matrix-org/sliding-sync](https://ghcr.io/matrix-org/sliding-sync) | ❌ | Sliding Sync support for clients which require it (like old Element X versions, before it got switched to Simplified Sliding Sync) |
+| [synapse_auto_accept_invite](configuring-playbook-synapse-auto-accept-invite.md) | (N/A) | ❌ | Synapse module to automatically accept invites |
--- a/docs/faq.md
+++ b/docs/faq.md
@@ -305,18 +305,23 @@ See [Serving the base domain](configuring-playbook-base-domain-serving.md).

 ### How do I optimize this setup for a low-power server?

+For a low-power server, it's best to use an alternative homeserver implementation (other than [Synapse](configuring-playbook-synapse.md)).
+
 You can disable some not-so-important services to save on memory.

 ```yaml
 # Disabling this will prevent email-notifications and other such things from working.
 exim_relay_enabled: false
+```

-# You can also disable this to save more RAM,
-# at the expense of audio/video calls being unreliable.
-coturn_enabled: false
+If you've installed [Jitsi](configuring-playbook-jitsi.md) (not installed by default), there are additional optimizations listed on its documentation page that you can perform.

-# This makes Synapse not keep track of who is online/offline.
-#
+
+#### Synapse-specific optimizations
+
+If you're using [Synapse](configuring-playbook-synapse.md), you can also consider the following optimizations:
+
+```yaml
 # Keeping track of this and announcing such online-status in federated rooms with
 # hundreds of servers inside is insanely heavy (https://github.com/matrix-org/synapse/issues/3971).
 #
@@ -324,18 +329,14 @@ coturn_enabled: false
 matrix_synapse_presence_enabled: false
 ```

-You can also consider implementing a restriction on room complexity, in order to prevent users from joining very heavy rooms:
+You can also consider [implementing a restriction on room complexity](configuring-playbook-synapse.md#limit-joining-heavy-rooms-on-constrained-hosts), in order to prevent users from joining very heavy rooms:

 ```yaml
-matrix_synapse_configuration_extension_yaml: |
-  limit_remote_rooms:
-    enabled: true
-    complexity: 1.0 # this limits joining complex (~large) rooms, can be
-					# increased, but larger values can require more RAM
+# See: docs/configuring-playbook-synapse.md#limit-joining-heavy-rooms-on-constrained-hosts
+matrix_synapse_limit_remote_rooms_enabled: true
+matrix_synapse_limit_remote_rooms_complexity: 1.0
 ```

-If you've installed [Jitsi](configuring-playbook-jitsi.md) (not installed by default), there are additional optimizations listed on its documentation page that you can perform.
-
 ### I already have Docker on my server. Can you stop installing Docker via the playbook?

 Yes, we can stop installing Docker ourselves. Just use this in your `vars.yml` file:
--- a/docs/installing.md
+++ b/docs/installing.md
@@ -146,6 +146,7 @@ After completing the installation, you can:
 - or learn how to [maintain your server](faq.md#maintenance)
 - or join some Matrix rooms:
  * via the *Explore rooms* feature in Element Web or some other clients, or by discovering them using this [matrix-static list](https://view.matrix.org). **Note**: joining large rooms may overload small servers.
+    For tuning guidance on constrained hosts, see [Limit joining heavy rooms on constrained hosts](configuring-playbook-synapse.md#limit-joining-heavy-rooms-on-constrained-hosts).
  * or come say Hi in our support room — [#matrix-docker-ansible-deploy:devture.com](https://matrix.to/#/#matrix-docker-ansible-deploy:devture.com). You might learn something or get to help someone else new to Matrix hosting.
 - or help make this playbook better by contributing (code, documentation, or [coffee/beer](https://liberapay.com/s.pantaleev/donate))

--- a/docs/maintenance-synapse.md
+++ b/docs/maintenance-synapse.md
@@ -83,6 +83,8 @@ You should then be able to browse the adminer database administration GUI at htt

 Synapse's presence feature which tracks which users are online and which are offline can use a lot of processing power. You can disable presence by adding `matrix_synapse_presence_enabled: false` to your `vars.yml` file.

+On smaller servers, consider limiting joins to very complex rooms with [the room complexity guard](configuring-playbook-synapse.md#limit-joining-heavy-rooms-on-constrained-hosts).
+
 If you have enough compute resources (CPU & RAM), you can make Synapse better use of them by [enabling load-balancing with workers](configuring-playbook-synapse.md#load-balancing-with-workers).

 [Tuning your PostgreSQL database](maintenance-postgres.md#tuning-postgresql) could also improve Synapse performance. The playbook tunes the integrated Postgres database automatically, but based on your needs you may wish to adjust tuning variables manually. If you're using an [external Postgres database](configuring-playbook-external-postgres.md), you will also need to tune Postgres manually.
--- a/docs/prerequisites.md
+++ b/docs/prerequisites.md
@@ -57,12 +57,7 @@ We will be using `example.com` as the domain in the following instruction. Pleas

  - `80/tcp`: HTTP webserver
  - `443/tcp` and `443/udp`: HTTPS webserver
-  - `3478/tcp`: STUN/TURN over TCP (used by [coturn](./configuring-playbook-turn.md))
-  - `3478/udp`: STUN/TURN over UDP (used by [coturn](./configuring-playbook-turn.md))
-  - `5349/tcp`: TURN over TCP (used by [coturn](./configuring-playbook-turn.md))
-  - `5349/udp`: TURN over UDP (used by [coturn](./configuring-playbook-turn.md))
  - `8448/tcp` and `8448/udp`: Matrix Federation API HTTPS webserver. Some components like [Matrix User Verification Service](configuring-playbook-user-verification-service.md#open-matrix-federation-port) require this port to be opened **even with federation disabled**.
-  - the range `49152-49172/udp`: TURN over UDP
  - potentially some other ports, depending on the additional (non-default) services that you enable in the **configuring the playbook** step (later on). Consult each service's documentation page in `docs/` for that.

 ---------------------------------------------
--- a/docs/self-building.md
+++ b/docs/self-building.md
@@ -36,7 +36,6 @@ Possibly outdated list of roles where self-building the Docker image is currentl
 - `exim-relay`
 - `matrix-bridge-hookshot`
 - `matrix-bridge-appservice-irc`
- `matrix-bridge-appservice-slack`
 - `matrix-bridge-beeper-linkedin`
 - `matrix-bridge-mautrix-googlechat`
 - `matrix-bridge-mautrix-telegram`
--- a/examples/hosts
+++ b/examples/hosts
@@ -1,6 +1,3 @@
-# We explicitly ask for your server's external IP address, because the same value is used for configuring coturn.
-# If you'd rather use a local IP here, make sure to set up `coturn_turn_external_ip_address`.
-#
 # To connect using a non-root user (and elevate to root with sudo later),
 # replace `ansible_ssh_user=root` with something like this: `ansible_ssh_user=username ansible_become=true ansible_become_user=root`.
 # If sudo requires a password, either add `ansible_become_password=PASSWORD_HERE` to the host line
@@ -18,4 +15,4 @@
 # to the host line below.

 [matrix_servers]
-matrix.example.com ansible_host=<your-server's external IP address> ansible_ssh_user=root
+matrix.example.com ansible_host=<your-server's domain name or IP address> ansible_ssh_user=root
--- a/examples/vars.yml
+++ b/examples/vars.yml
@@ -53,18 +53,10 @@ devture_systemd_docker_base_ipv6_enabled: true
 # The value used here must be shorter than 100 characters.
 postgres_connection_password: ''

-# By default, we configure coturn's external IP address using the value specified for `ansible_host` in your `inventory/hosts` file.
-# If this value is an external IP address, you can skip this section.
+# You can limit heavy room joins on constrained hosts.
+# See:
+# docs/configuring-playbook-synapse.md#limit-joining-heavy-rooms-on-constrained-hosts
 #
-# If `ansible_host` is not the server's external IP address, you have 2 choices:
-# 1. Uncomment the line below, to allow IP address auto-detection to happen (more on this below)
-# 2. Uncomment and adjust the line below to specify an IP address manually
-#
-# By default, auto-detection will be attempted using the `https://ifconfig.co/json` API.
-# Default values for this are specified in `coturn_turn_external_ip_address_auto_detection_*` variables in the coturn role
-# (see `roles/galaxy/coturn/defaults/main.yml`).
-#
-# If your server has multiple IP addresses, you may define them in another variable which allows a list of addresses.
-# Example: `coturn_turn_external_ip_addresses: ['1.2.3.4', '4.5.6.7']`
-#
-# coturn_turn_external_ip_address: ''
+# matrix_synapse_limit_remote_rooms_enabled: true
+# matrix_synapse_limit_remote_rooms_complexity: 1.0
+# matrix_synapse_limit_remote_rooms_admins_can_join: false
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -104,8 +104,6 @@ matrix_homeserver_container_extra_arguments_auto: |
    +
    (['--mount type=bind,src=' + matrix_appservice_kakaotalk_config_path + '/registration.yaml,dst=/matrix-appservice-kakaotalk-registration.yaml,ro'] if matrix_appservice_kakaotalk_enabled else [])
    +
-    (['--mount type=bind,src=' + matrix_appservice_slack_config_path + '/slack-registration.yaml,dst=/matrix-appservice-slack-registration.yaml,ro'] if matrix_appservice_slack_enabled else [])
-    +
    (['--mount type=bind,src=' + matrix_beeper_linkedin_config_path + '/registration.yaml,dst=/matrix-beeper-linkedin-registration.yaml,ro'] if matrix_beeper_linkedin_enabled else [])
    +
    (['--mount type=bind,src=' + matrix_wechat_config_path + '/registration.yaml,dst=/matrix-wechat-registration.yaml,ro'] if matrix_wechat_enabled else [])
@@ -163,8 +161,6 @@ matrix_homeserver_app_service_config_files_auto: |
    +
    (['/matrix-appservice-kakaotalk-registration.yaml'] if matrix_appservice_kakaotalk_enabled else [])
    +
-    (['/matrix-appservice-slack-registration.yaml'] if matrix_appservice_slack_enabled else [])
-    +
    (['/matrix-beeper-linkedin-registration.yaml'] if matrix_beeper_linkedin_enabled else [])
    +
    (['/matrix-wechat-registration.yaml'] if matrix_wechat_enabled else [])
@@ -250,15 +246,14 @@ matrix_addons_homeserver_systemd_services_list: |
 #   - so that addon services (starting later) can communicte with the homeserver via Traefik's internal entrypoint
 #     (see `matrix_playbook_internal_matrix_client_api_traefik_entrypoint_enabled`)
 # - core services (the homeserver) get a level of ~1000
-# - services that the homeserver depends on (database, Redis, ntfy, coturn, etc.) get a lower level — between 500 and 1000
-# - coturn gets a higher priority level (= starts later) if `devture_systemd_service_manager_service_restart_mode == 'one-by-one'` to intentionally delay it, because:
-#  - starting services one by one means that the service manager role waits for each service to fully start before proceeding to the next one
+# - services that the homeserver depends on (database, Redis, ntfy, etc.) get a lower level — between 500 and 1000
+# - coturn gets a higher priority level (= starts later) in all cases, to intentionally delay it in relation to the homeserver, because:
+#  - when starting services one by one, the service manager waits for each service to fully start before proceeding to the next one
 #  - if coturn has a lower priority than the homeserver, it would be started before it
-#  - since coturn is started before the homeserver, there's no container label telling Traefik to get a `matrix.example.com` certificate
+#  - if coturn is started before the homeserver, there'd be no container label (usually on the homeserver) telling Traefik to get a `matrix.example.com` certificate
 #  - thus, coturn would spin and wait for a certificate until it fails. We'd get a playbook failure due to it, but service manager will proceed to start all other services anyway.
 #  - only later, when the homeserver actually starts, would that certificate be fetched and dumped
-#  - this is not a problem with `all-at-once` (default) or `priority-batched` (services start concurrently),
-#    or with `clean-stop-start` (everything stops first, then starts in priority order — coturn at 900 is fine)
+#  - this is a problem for `one-by-one`, `clean-stop-start` (which behaves like one-by-one initially) and possibly other modes, except `all-at-once`
 # - reverse-proxying services get level 3000
 # - Matrix utility services (bridges, bots) get a level of 2000/2200, so that:
 #   - they can start before the reverse-proxy
@@ -399,13 +394,6 @@ devture_systemd_service_manager_services_list_auto: |
      'groups': ['matrix', 'bridges', 'appservice-kakaotalk', 'appservice-kakaotalk-node'],
    }] if matrix_appservice_kakaotalk_enabled else [])
    +
-    ([{
-      'name': 'matrix-appservice-slack.service',
-      'priority': 2000,
-      'restart_necessary': (matrix_appservice_slack_restart_necessary | bool),
-      'groups': ['matrix', 'bridges', 'appservice-slack'],
-    }] if matrix_appservice_slack_enabled else [])
-    +
    ([{
      'name': 'matrix-beeper-linkedin.service',
      'priority': 2000,
@@ -598,7 +586,7 @@ devture_systemd_service_manager_services_list_auto: |
    ([{
      'name': (hydrogen_identifier + '.service'),
      'priority': 2000,
-      'restart_necessary': true,
+      'restart_necessary': (hydrogen_restart_necessary | bool),
      'groups': ['matrix', 'clients', 'hydrogen', 'client-hydrogen'],
    }] if hydrogen_enabled else [])
    +
@@ -618,25 +606,18 @@ devture_systemd_service_manager_services_list_auto: |
    +
    ([{
      'name': ('matrix-' + matrix_homeserver_implementation + '.service'),
-      'priority': 1000,
+      'priority': matrix_homeserver_systemd_service_manager_priority,
      'restart_necessary': true,
      'groups': ['matrix', 'homeservers', matrix_homeserver_implementation],
    }] if matrix_homeserver_enabled else [])
    +
    ([{
      'name': 'matrix-corporal.service',
-      'priority': 1500,
+      'priority': (matrix_homeserver_systemd_service_manager_priority + 500),
      'restart_necessary': (matrix_corporal_restart_necessary | bool),
      'groups': ['matrix', 'corporal'],
    }] if matrix_corporal_enabled else [])
    +
-    ([{
-      'name': (coturn_identifier + '.service'),
-      'priority': (1500 if devture_systemd_service_manager_service_restart_mode == 'one-by-one' else 900),
-      'restart_necessary': true,
-      'groups': ['matrix', 'coturn'],
-    }] if coturn_enabled else [])
-    +
    ([{
      'name': 'matrix-matrixto.service',
      'priority': 4000,
@@ -651,31 +632,38 @@ devture_systemd_service_manager_services_list_auto: |
      'groups': ['matrix', 'rageshake'],
    }] if matrix_rageshake_enabled else [])
    +
+    ([{
+      'name': (coturn_identifier + '.service'),
+      'priority': (matrix_homeserver_systemd_service_manager_priority + 500),
+      'restart_necessary': (coturn_restart_necessary | bool),
+      'groups': ['matrix', 'coturn'],
+    }] if coturn_enabled else [])
+    +
    ([{
      'name': (coturn_identifier + '-reload.timer'),
      'priority': 5000,
-      'restart_necessary': true,
+      'restart_necessary': (coturn_restart_necessary | bool),
      'groups': ['matrix', 'coturn'],
    }] if (coturn_enabled and coturn_tls_enabled) else [])
    +
    ([{
      'name': (ddclient_identifier + '.service'),
      'priority': 5000,
-      'restart_necessary': true,
+      'restart_necessary': (ddclient_restart_necessary | bool),
      'groups': ['matrix', 'ddclient', 'dynamic-dns'],
    }] if ddclient_enabled else [])
    +
    ([{
      'name': (etherpad_identifier + '.service'),
      'priority': 4000,
-      'restart_necessary': true,
+      'restart_necessary': (etherpad_restart_necessary | bool),
      'groups': ['matrix', 'etherpad'],
    }] if etherpad_enabled else [])
    +
    ([{
      'name': (grafana_identifier + '.service'),
      'priority': 4000,
-      'restart_necessary': true,
+      'restart_necessary': (grafana_restart_necessary | bool),
      'groups': ['matrix', 'monitoring', 'grafana'],
    }] if grafana_enabled else [])
    +
@@ -731,7 +719,7 @@ devture_systemd_service_manager_services_list_auto: |
    ([{
      'name': (ntfy_identifier + '.service'),
      'priority': 800,
-      'restart_necessary': true,
+      'restart_necessary': (ntfy_restart_necessary | bool),
      'groups': ['matrix', 'ntfy'],
    }] if ntfy_enabled else [])
    +
@@ -745,42 +733,42 @@ devture_systemd_service_manager_services_list_auto: |
    ([{
      'name': (postgres_backup_identifier + '.service'),
      'priority': 5000,
-      'restart_necessary': true,
+      'restart_necessary': (postgres_backup_restart_necessary | bool),
      'groups': ['matrix', 'backup', 'postgres-backup'],
    }] if postgres_backup_enabled else [])
    +
    ([{
      'name': (prometheus_identifier + '.service'),
      'priority': 4000,
-      'restart_necessary': true,
+      'restart_necessary': (prometheus_restart_necessary | bool),
      'groups': ['matrix', 'monitoring', 'prometheus'],
    }] if prometheus_enabled else [])
    +
    ([{
      'name': (prometheus_node_exporter_identifier + '.service'),
      'priority': 3900,
-      'restart_necessary': true,
+      'restart_necessary': (prometheus_node_exporter_restart_necessary | bool),
      'groups': ['matrix', 'monitoring', 'prometheus-exporters', 'prometheus-node-exporter'],
    }] if prometheus_node_exporter_enabled else [])
    +
    ([{
      'name': (prometheus_postgres_exporter_identifier + '.service'),
      'priority': 3900,
-      'restart_necessary': true,
+      'restart_necessary': (prometheus_postgres_exporter_restart_necessary | bool),
      'groups': ['matrix', 'monitoring', 'prometheus-exporters', 'prometheus-postgres-exporter'],
    }] if prometheus_postgres_exporter_enabled else [])
    +
    ([{
-      'name': 'matrix-prometheus-nginxlog-exporter.service',
+      'name': (prometheus_nginxlog_exporter_identifier + '.service'),
      'priority': 3900,
-      'restart_necessary': (matrix_prometheus_nginxlog_exporter_restart_necessary | bool),
+      'restart_necessary': (prometheus_nginxlog_exporter_restart_necessary | bool),
      'groups': ['matrix', 'monitoring', 'prometheus-exporters', 'prometheus-nginxlog-exporter'],
-    }] if matrix_prometheus_nginxlog_exporter_enabled else [])
+    }] if prometheus_nginxlog_exporter_enabled else [])
    +
    ([{
      'name': (valkey_identifier + '.service'),
      'priority': 750,
-      'restart_necessary': true,
+      'restart_necessary': (valkey_restart_necessary | bool),
      'groups': ['matrix', 'valkey'],
    }] if valkey_enabled else [])
    +
@@ -838,14 +826,14 @@ devture_systemd_service_manager_services_list_auto: |
      'priority': 800,
      'restart_necessary': true,
      'groups': ['matrix', 'goofys'],
-    }] if matrix_s3_media_store_enabled else [])
+    }] if (matrix_synapse_enabled and matrix_s3_media_store_enabled) else [])
    +
    ([{
      'name': 'matrix-synapse-s3-storage-provider-migrate.timer',
      'priority': 5000,
      'restart_necessary': true,
      'groups': ['matrix'],
-    }] if matrix_synapse_ext_synapse_s3_storage_provider_enabled else [])
+    }] if (matrix_synapse_enabled and matrix_synapse_ext_synapse_s3_storage_provider_enabled) else [])
    +
    ([{
      'name': 'matrix-synapse-auto-compressor.timer',
@@ -1177,7 +1165,7 @@ matrix_appservice_discord_systemd_required_services_list_auto: |
    ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_appservice_discord_database_hostname == postgres_connection_hostname) else [])
  }}

-matrix_appservice_discord_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_appservice_discord_docker_image_registry_prefix_upstream_default }}"
+matrix_appservice_discord_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_appservice_discord_container_image_registry_prefix_upstream_default }}"

 matrix_appservice_discord_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '9005') if matrix_playbook_service_host_bind_interface_prefix else '' }}"

@@ -1211,66 +1199,6 @@ matrix_appservice_discord_database_password: "{{ (matrix_homeserver_generic_secr
 #
 ######################################################################

-######################################################################
-#
-# matrix-appservice-slack
-#
-######################################################################
-
-# We don't enable bridges by default.
-matrix_appservice_slack_enabled: false
-
-matrix_appservice_slack_hostname: "{{ matrix_server_fqn_matrix }}"
-
-matrix_appservice_slack_systemd_required_services_list_auto: |
-  {{
-    matrix_addons_homeserver_systemd_services_list
-    +
-    ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_appservice_slack_database_hostname == postgres_connection_hostname) else [])
-  }}
-
-matrix_appservice_slack_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_appservice_slack_docker_image_registry_prefix_upstream_default }}"
-
-matrix_appservice_slack_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
-
-matrix_appservice_slack_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ matrix_appservice_slack_slack_port) if matrix_playbook_service_host_bind_interface_prefix else '' }}"
-
-matrix_appservice_slack_container_network: "{{ matrix_addons_container_network }}"
-
-matrix_appservice_slack_container_additional_networks_auto: |-
-  {{
-    (
-      ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
-      +
-      ([postgres_container_network] if (postgres_enabled and matrix_appservice_slack_database_hostname == postgres_connection_hostname and matrix_appservice_slack_container_network != postgres_container_network) else [])
-      +
-      ([matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_playbook_reverse_proxyable_services_additional_network and matrix_appservice_slack_container_labels_traefik_enabled) else [])
-    ) | unique
-  }}
-
-matrix_appservice_slack_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
-matrix_appservice_slack_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
-matrix_appservice_slack_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
-matrix_appservice_slack_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"
-
-matrix_appservice_slack_appservice_token: "{{ (matrix_homeserver_generic_secret_key + ':slack.as.token') | hash('sha512') | to_uuid }}"
-
-matrix_appservice_slack_homeserver_url: "{{ matrix_addons_homeserver_client_api_url }}"
-matrix_appservice_slack_homeserver_token: "{{ (matrix_homeserver_generic_secret_key + ':slack.hs.token') | hash('sha512') | to_uuid }}"
-
-matrix_appservice_slack_id_token: "{{ (matrix_homeserver_generic_secret_key + ':slack.id.token') | hash('sha512') | to_uuid }}"
-
-# Postgres is the default, except if not using internal Postgres server
-matrix_appservice_slack_database_engine: "{{ 'postgres' if postgres_enabled else 'nedb' }}"
-matrix_appservice_slack_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}"
-matrix_appservice_slack_database_password: "{{ (matrix_homeserver_generic_secret_key + ':as.slack.db') | hash('sha512') | to_uuid }}"
-matrix_appservice_slack_database_container_network: "{{ postgres_container_network if postgres_enabled else '' }}"
-
-######################################################################
-#
-# /matrix-bridge-appservice-slack
-#
-######################################################################

 ######################################################################
 #
@@ -1288,7 +1216,7 @@ matrix_appservice_irc_systemd_required_services_list_auto: |
    ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_appservice_irc_database_hostname == postgres_connection_hostname) else [])
  }}

-matrix_appservice_irc_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_appservice_irc_docker_image_registry_prefix_upstream_default }}"
+matrix_appservice_irc_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_appservice_irc_container_image_registry_prefix_upstream_default }}"

 matrix_appservice_irc_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"

@@ -1350,9 +1278,9 @@ matrix_appservice_kakaotalk_systemd_required_services_list_auto: |
    ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_appservice_kakaotalk_database_hostname == postgres_connection_hostname) else [])
  }}

-matrix_appservice_kakaotalk_node_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_appservice_kakaotalk_node_docker_image_registry_prefix_upstream_default }}"
+matrix_appservice_kakaotalk_node_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_appservice_kakaotalk_node_container_image_registry_prefix_upstream_default }}"

-matrix_appservice_kakaotalk_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_appservice_kakaotalk_docker_image_registry_prefix_upstream_default }}"
+matrix_appservice_kakaotalk_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_appservice_kakaotalk_container_image_registry_prefix_upstream_default }}"

 matrix_appservice_kakaotalk_container_network: "{{ matrix_addons_container_network }}"

@@ -1401,7 +1329,7 @@ matrix_beeper_linkedin_systemd_required_services_list_auto: |
    ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_beeper_linkedin_database_hostname == postgres_connection_hostname) else [])
  }}

-matrix_beeper_linkedin_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_beeper_linkedin_docker_image_registry_prefix_upstream_default }}"
+matrix_beeper_linkedin_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_beeper_linkedin_container_image_registry_prefix_upstream_default }}"

 matrix_beeper_linkedin_container_image_self_build: "{{ matrix_architecture not in ['amd64'] }}"

@@ -1463,7 +1391,7 @@ matrix_mautrix_bluesky_systemd_required_services_list_auto: |
    ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_mautrix_bluesky_database_hostname == postgres_connection_hostname) else [])
  }}

-matrix_mautrix_bluesky_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_mautrix_bluesky_docker_image_registry_prefix_upstream_default }}"
+matrix_mautrix_bluesky_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_mautrix_bluesky_container_image_registry_prefix_upstream_default }}"

 matrix_mautrix_bluesky_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"

@@ -1530,7 +1458,7 @@ matrix_mautrix_bluesky_database_password: "{{ (matrix_homeserver_generic_secret_
 # We don't enable bridges by default.
 matrix_mautrix_discord_enabled: false

-matrix_mautrix_discord_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_mautrix_discord_docker_image_registry_prefix_upstream_default }}"
+matrix_mautrix_discord_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_mautrix_discord_container_image_registry_prefix_upstream_default }}"

 matrix_mautrix_discord_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"

@@ -1612,7 +1540,7 @@ matrix_mautrix_slack_systemd_required_services_list_auto: |
    ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_mautrix_slack_database_hostname == postgres_connection_hostname) else [])
  }}

-matrix_mautrix_slack_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_mautrix_slack_docker_image_registry_prefix_upstream_default }}"
+matrix_mautrix_slack_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_mautrix_slack_container_image_registry_prefix_upstream_default }}"

 matrix_mautrix_slack_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"

@@ -1673,7 +1601,7 @@ matrix_mautrix_googlechat_systemd_required_services_list_auto: |
    ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_mautrix_googlechat_database_hostname == postgres_connection_hostname) else [])
  }}

-matrix_mautrix_googlechat_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_mautrix_googlechat_docker_image_registry_prefix_upstream_default }}"
+matrix_mautrix_googlechat_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_mautrix_googlechat_container_image_registry_prefix_upstream_default }}"

 matrix_mautrix_googlechat_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"

@@ -1751,7 +1679,7 @@ matrix_mautrix_signal_systemd_required_services_list_auto: |
    ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_mautrix_signal_database_hostname == postgres_connection_hostname) else [])
  }}

-matrix_mautrix_signal_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_mautrix_signal_docker_image_registry_prefix_upstream_default }}"
+matrix_mautrix_signal_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_mautrix_signal_container_image_registry_prefix_upstream_default }}"

 matrix_mautrix_signal_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"

@@ -1987,9 +1915,9 @@ matrix_mautrix_telegram_systemd_required_services_list_auto: |
    ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_mautrix_telegram_database_hostname == postgres_connection_hostname) else [])
  }}

-matrix_mautrix_telegram_lottieconverter_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_mautrix_telegram_lottieconverter_docker_image_registry_prefix_upstream_default }}"
+matrix_mautrix_telegram_lottieconverter_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_mautrix_telegram_lottieconverter_container_image_registry_prefix_upstream_default }}"

-matrix_mautrix_telegram_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_mautrix_telegram_docker_image_registry_prefix_upstream_default }}"
+matrix_mautrix_telegram_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_mautrix_telegram_container_image_registry_prefix_upstream_default }}"

 # Images are multi-arch (amd64 and arm64, but not arm32).
 matrix_mautrix_telegram_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
@@ -2073,7 +2001,7 @@ matrix_mautrix_twitter_systemd_required_services_list_auto: |
    ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_mautrix_twitter_database_hostname == postgres_connection_hostname) else [])
  }}

-matrix_mautrix_twitter_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_mautrix_twitter_docker_image_registry_prefix_upstream_default }}"
+matrix_mautrix_twitter_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_mautrix_twitter_container_image_registry_prefix_upstream_default }}"

 matrix_mautrix_twitter_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"

@@ -2147,7 +2075,7 @@ matrix_mautrix_gmessages_systemd_required_services_list_auto: |
    ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_mautrix_gmessages_database_hostname == postgres_connection_hostname) else [])
  }}

-matrix_mautrix_gmessages_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_mautrix_gmessages_docker_image_registry_prefix_upstream_default }}"
+matrix_mautrix_gmessages_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_mautrix_gmessages_container_image_registry_prefix_upstream_default }}"

 matrix_mautrix_gmessages_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"

@@ -2228,7 +2156,7 @@ matrix_mautrix_wsproxy_hostname: "wsproxy.{{ matrix_mautrix_wsproxy_homeserver_d

 matrix_mautrix_wsproxy_syncproxy_homeserver_url: "{{ matrix_addons_homeserver_client_api_url }}"

-matrix_mautrix_wsproxy_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_mautrix_wsproxy_docker_image_registry_prefix_upstream_default }}"
+matrix_mautrix_wsproxy_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_mautrix_wsproxy_container_image_registry_prefix_upstream_default }}"

 matrix_mautrix_wsproxy_container_network: "{{ matrix_addons_container_network }}"

@@ -2323,7 +2251,7 @@ matrix_wechat_database_password: "{{ (matrix_homeserver_generic_secret_key + ':g
 # We don't enable bridges by default.
 matrix_mautrix_whatsapp_enabled: false

-matrix_mautrix_whatsapp_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_mautrix_whatsapp_docker_image_registry_prefix_upstream_default }}"
+matrix_mautrix_whatsapp_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_mautrix_whatsapp_container_image_registry_prefix_upstream_default }}"

 matrix_mautrix_whatsapp_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"

@@ -2402,7 +2330,7 @@ matrix_sms_bridge_systemd_required_services_list_auto: |
    matrix_addons_homeserver_systemd_services_list
  }}

-matrix_sms_bridge_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_sms_bridge_docker_image_registry_prefix_upstream_default }}"
+matrix_sms_bridge_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_sms_bridge_container_image_registry_prefix_upstream_default }}"

 matrix_sms_bridge_container_network: "{{ matrix_addons_container_network }}"

@@ -2439,7 +2367,7 @@ matrix_heisenbridge_systemd_required_services_list_auto: |
    matrix_addons_homeserver_systemd_services_list
  }}

-matrix_heisenbridge_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_heisenbridge_docker_image_registry_prefix_upstream_default }}"
+matrix_heisenbridge_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_heisenbridge_container_image_registry_prefix_upstream_default }}"

 matrix_heisenbridge_container_network: "{{ matrix_addons_container_network }}"

@@ -2478,7 +2406,7 @@ matrix_heisenbridge_homeserver_url: "{{ matrix_addons_homeserver_client_api_url
 # We don't enable bridges by default.
 matrix_hookshot_enabled: false

-matrix_hookshot_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_hookshot_docker_image_registry_prefix_upstream_default }}"
+matrix_hookshot_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_hookshot_container_image_registry_prefix_upstream_default }}"

 matrix_hookshot_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"

@@ -2558,7 +2486,7 @@ matrix_mx_puppet_steam_systemd_required_services_list_auto: |
    ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_mx_puppet_steam_database_hostname == postgres_connection_hostname) else [])
  }}

-matrix_mx_puppet_steam_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_mx_puppet_steam_docker_image_registry_prefix_upstream_default }}"
+matrix_mx_puppet_steam_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_mx_puppet_steam_container_image_registry_prefix_upstream_default }}"

 matrix_mx_puppet_steam_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"

@@ -2610,7 +2538,7 @@ matrix_mx_puppet_groupme_systemd_required_services_list_auto: |
    ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_mx_puppet_groupme_database_hostname == postgres_connection_hostname) else [])
  }}

-matrix_mx_puppet_groupme_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_mx_puppet_groupme_docker_image_registry_prefix_upstream_default }}"
+matrix_mx_puppet_groupme_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_mx_puppet_groupme_container_image_registry_prefix_upstream_default }}"

 matrix_mx_puppet_groupme_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"

@@ -2654,7 +2582,7 @@ matrix_mx_puppet_groupme_database_password: "{{ (matrix_homeserver_generic_secre
 # We don't enable bridges by default.
 matrix_postmoogle_enabled: false

-matrix_postmoogle_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_postmoogle_docker_image_registry_prefix_upstream_default }}"
+matrix_postmoogle_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_postmoogle_container_image_registry_prefix_upstream_default }}"

 matrix_postmoogle_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"

@@ -2739,7 +2667,7 @@ matrix_steam_bridge_systemd_required_services_list_auto: |
    ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_steam_bridge_database_hostname == postgres_connection_hostname) else [])
  }}

-matrix_steam_bridge_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_steam_bridge_docker_image_registry_prefix_upstream_default }}"
+matrix_steam_bridge_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_steam_bridge_container_image_registry_prefix_upstream_default }}"

 matrix_steam_bridge_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"

@@ -2815,7 +2743,7 @@ matrix_bot_matrix_reminder_bot_systemd_required_services_list_auto: |
    ([postgres_identifier ~ '.service'] if postgres_enabled and matrix_bot_matrix_reminder_bot_database_hostname == postgres_connection_hostname else [])
  }}

-matrix_bot_matrix_reminder_bot_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_bot_matrix_reminder_bot_docker_image_registry_prefix_upstream_default }}"
+matrix_bot_matrix_reminder_bot_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_bot_matrix_reminder_bot_container_image_registry_prefix_upstream_default }}"

 matrix_bot_matrix_reminder_bot_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"

@@ -2862,7 +2790,7 @@ matrix_bot_matrix_registration_bot_systemd_required_services_list_auto: |
    matrix_addons_homeserver_systemd_services_list
  }}

-matrix_bot_matrix_registration_bot_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_bot_matrix_registration_bot_docker_image_registry_prefix_upstream_default }}"
+matrix_bot_matrix_registration_bot_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_bot_matrix_registration_bot_container_image_registry_prefix_upstream_default }}"

 matrix_bot_matrix_registration_bot_container_image_self_build: "{{ matrix_architecture not in ['amd64'] }}"

@@ -2911,7 +2839,7 @@ matrix_bot_maubot_homeserver_secret: |-
    }[matrix_homeserver_implementation] | default('')
  }}

-matrix_bot_maubot_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_bot_maubot_docker_image_registry_prefix_upstream_default }}"
+matrix_bot_maubot_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_bot_maubot_container_image_registry_prefix_upstream_default }}"

 matrix_bot_maubot_container_image_self_build: "{{ matrix_architecture not in ['amd64'] }}"

@@ -2969,7 +2897,7 @@ matrix_bot_honoroit_systemd_required_services_list_auto: |
    ([postgres_identifier ~ '.service'] if postgres_enabled and matrix_bot_honoroit_database_hostname == postgres_connection_hostname else [])
  }}

-matrix_bot_honoroit_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_bot_honoroit_docker_image_registry_prefix_upstream_default }}"
+matrix_bot_honoroit_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_bot_honoroit_container_image_registry_prefix_upstream_default }}"

 matrix_bot_honoroit_container_network: "{{ matrix_addons_container_network }}"

@@ -3025,7 +2953,7 @@ matrix_bot_buscarron_systemd_required_services_list_auto: |
    ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_bot_buscarron_database_hostname == postgres_connection_hostname) else [])
  }}

-matrix_bot_buscarron_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_bot_buscarron_docker_image_registry_prefix_upstream_default }}"
+matrix_bot_buscarron_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_bot_buscarron_container_image_registry_prefix_upstream_default }}"

 matrix_bot_buscarron_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"

@@ -3157,7 +3085,7 @@ matrix_bot_mjolnir_systemd_required_services_list_auto: |
    (['matrix-pantalaimon.service'] if matrix_bot_mjolnir_pantalaimon_use else [])
  }}

-matrix_bot_mjolnir_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_bot_mjolnir_docker_image_registry_prefix_upstream_default }}"
+matrix_bot_mjolnir_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_bot_mjolnir_container_image_registry_prefix_upstream_default }}"

 matrix_bot_mjolnir_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"

@@ -3195,7 +3123,7 @@ matrix_bot_draupnir_systemd_required_services_list_auto: |
    (['matrix-pantalaimon.service'] if matrix_bot_draupnir_pantalaimon_use else [])
  }}

-matrix_bot_draupnir_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_bot_draupnir_docker_image_registry_prefix_upstream_default }}"
+matrix_bot_draupnir_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_bot_draupnir_container_image_registry_prefix_upstream_default }}"

 matrix_bot_draupnir_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"

@@ -3248,7 +3176,7 @@ matrix_appservice_draupnir_for_all_systemd_required_services_list_auto: |
    ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_appservice_draupnir_for_all_database_hostname == postgres_connection_hostname) else [])
  }}

-matrix_appservice_draupnir_for_all_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_appservice_draupnir_for_all_docker_image_registry_prefix_upstream_default }}"
+matrix_appservice_draupnir_for_all_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_appservice_draupnir_for_all_container_image_registry_prefix_upstream_default }}"

 matrix_appservice_draupnir_for_all_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"

@@ -3307,7 +3235,7 @@ matrix_pantalaimon_systemd_required_services_list_auto: |
    matrix_addons_homeserver_systemd_services_list
  }}

-matrix_pantalaimon_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_pantalaimon_docker_image_registry_prefix_upstream_default }}"
+matrix_pantalaimon_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_pantalaimon_container_image_registry_prefix_upstream_default }}"

 matrix_pantalaimon_container_network: "{{ matrix_homeserver_container_network }}"

@@ -3339,7 +3267,7 @@ backup_borg_username: "{{ matrix_user_name }}"
 backup_borg_uid: "{{ matrix_user_uid }}"
 backup_borg_gid: "{{ matrix_user_gid }}"

-backup_borg_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else backup_borg_docker_image_registry_prefix_upstream_default }}"
+backup_borg_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else backup_borg_container_image_registry_prefix_upstream_default }}"

 backup_borg_container_network: "{{ postgres_container_network if postgres_enabled else backup_borg_identifier }}"

@@ -3391,7 +3319,7 @@ matrix_cactus_comments_systemd_required_services_list_auto: |
    matrix_addons_homeserver_systemd_services_list
  }}

-matrix_cactus_comments_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_cactus_comments_docker_image_registry_prefix_upstream_default }}"
+matrix_cactus_comments_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_cactus_comments_container_image_registry_prefix_upstream_default }}"

 matrix_cactus_comments_container_image_self_build: "{{ matrix_architecture not in ['amd64'] }}"

@@ -3458,7 +3386,7 @@ matrix_corporal_systemd_required_services_list_auto: |
    (['matrix-' + matrix_homeserver_implementation + '.service'])
  }}

-matrix_corporal_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_corporal_docker_image_registry_prefix_upstream_default }}"
+matrix_corporal_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_corporal_container_image_registry_prefix_upstream_default }}"

 matrix_corporal_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"

@@ -3569,7 +3497,9 @@ matrix_rageshake_container_labels_traefik_tls_certResolver: "{{ traefik_certReso
 #
 ######################################################################

-coturn_enabled: true
+# Coturn is enabled by default only when Jitsi is enabled because Jitsi still
+# depends on legacy TURN integration for compatibility.
+coturn_enabled: "{{ jitsi_enabled | bool }}"

 coturn_identifier: matrix-coturn

@@ -3585,11 +3515,6 @@ coturn_container_image_registry_prefix_upstream: "{{ matrix_container_global_reg

 coturn_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm32', 'arm64'] }}"

-# We make the assumption that `ansible_host` points to an external IP address, which may not always be the case.
-# Users are free to set `coturn_turn_external_ip_address` to an empty string
-# to allow auto-detection (via an echoip service) to happen at runtime.
-coturn_turn_external_ip_address: "{{ ansible_host }}"
-
 # By default, we use the official public instance.
 coturn_turn_external_ip_address_auto_detection_echoip_service_url: https://ifconfig.co/json

@@ -3854,7 +3779,7 @@ matrix_ldap_registration_proxy_systemd_required_services_list_auto: |
    matrix_addons_homeserver_systemd_services_list
  }}

-matrix_ldap_registration_proxy_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_ldap_registration_proxy_docker_image_registry_prefix_upstream_default }}"
+matrix_ldap_registration_proxy_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_ldap_registration_proxy_container_image_registry_prefix_upstream_default }}"

 matrix_ldap_registration_proxy_container_network: "{{ matrix_addons_container_network }}"

@@ -3918,7 +3843,7 @@ exim_relay_container_image_self_build: "{{ matrix_architecture not in ['amd64',

 matrix_media_repo_enabled: false

-matrix_media_repo_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_media_repo_docker_image_registry_prefix_upstream_default }}"
+matrix_media_repo_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_media_repo_container_image_registry_prefix_upstream_default }}"

 matrix_media_repo_container_network: "{{ matrix_homeserver_container_network }}"

@@ -4149,12 +4074,6 @@ postgres_managed_databases_auto: |
      'password': matrix_appservice_draupnir_for_all_database_password,
    }] if (matrix_appservice_draupnir_for_all_enabled and matrix_appservice_draupnir_for_all_database_hostname == postgres_connection_hostname) else [])
    +
-    ([{
-      'name': matrix_appservice_slack_database_name,
-      'username': matrix_appservice_slack_database_username,
-      'password': matrix_appservice_slack_database_password,
-    }] if (matrix_appservice_slack_enabled and matrix_appservice_slack_database_engine == 'postgres' and matrix_appservice_slack_database_hostname == postgres_connection_hostname) else [])
-    +
    ([{
      'name': matrix_appservice_irc_database_name,
      'username': matrix_appservice_irc_database_username,
@@ -4357,7 +4276,7 @@ matrix_sygnal_metrics_prometheus_enabled: "{{ prometheus_enabled or matrix_metri

 matrix_sygnal_hostname: "{{ matrix_server_fqn_sygnal }}"

-matrix_sygnal_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_sygnal_docker_image_registry_prefix_upstream_default }}"
+matrix_sygnal_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_sygnal_container_image_registry_prefix_upstream_default }}"

 matrix_sygnal_container_network: "{{ matrix_homeserver_container_network }}"

@@ -4454,7 +4373,7 @@ matrix_client_element_enabled: true

 matrix_client_element_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"

-matrix_client_element_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_client_element_docker_image_registry_prefix_upstream_default }}"
+matrix_client_element_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_client_element_container_image_registry_prefix_upstream_default }}"

 matrix_client_element_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"

@@ -4614,7 +4533,7 @@ matrix_client_schildichat_enabled: false

 matrix_client_schildichat_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"

-matrix_client_schildichat_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_client_schildichat_docker_image_registry_prefix_upstream_default }}"
+matrix_client_schildichat_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_client_schildichat_container_image_registry_prefix_upstream_default }}"

 matrix_client_schildichat_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"

@@ -4667,7 +4586,7 @@ matrix_client_fluffychat_enabled: false

 matrix_client_fluffychat_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"

-matrix_client_fluffychat_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_client_fluffychat_docker_image_registry_prefix_upstream_default }}"
+matrix_client_fluffychat_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_client_fluffychat_container_image_registry_prefix_upstream_default }}"

 matrix_client_fluffychat_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"

@@ -4706,11 +4625,11 @@ matrix_synapse_gid: "{{ matrix_user_gid }}"

 matrix_synapse_federation_enabled: "{{ matrix_homeserver_federation_enabled }}"

-matrix_synapse_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_synapse_docker_image_registry_prefix_upstream_default }}"
+matrix_synapse_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_synapse_container_image_registry_prefix_upstream_default }}"

-matrix_s3_goofys_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_s3_goofys_docker_image_registry_prefix_upstream_default }}"
+matrix_s3_goofys_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_s3_goofys_container_image_registry_prefix_upstream_default }}"

-matrix_synapse_rust_synapse_compress_state_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_synapse_rust_synapse_compress_state_docker_image_registry_prefix_upstream_default }}"
+matrix_synapse_rust_synapse_compress_state_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_synapse_rust_synapse_compress_state_container_image_registry_prefix_upstream_default }}"

 matrix_synapse_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"

@@ -4931,7 +4850,7 @@ matrix_synapse_reverse_proxy_companion_container_additional_networks_auto: |
    (
      ([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_synapse_reverse_proxy_companion_container_labels_traefik_enabled and matrix_playbook_reverse_proxyable_services_additional_network else [])
      +
-      ([matrix_prometheus_nginxlog_exporter_container_network] if (matrix_prometheus_nginxlog_exporter_enabled and matrix_prometheus_nginxlog_exporter_container_network != matrix_synapse_reverse_proxy_companion_container_network) else [])
+      ([prometheus_nginxlog_exporter_container_network] if (prometheus_nginxlog_exporter_enabled and prometheus_nginxlog_exporter_container_network != matrix_synapse_reverse_proxy_companion_container_network) else [])
      +
      ([] if matrix_homeserver_container_network in ['', matrix_synapse_reverse_proxy_companion_container_network] else [matrix_homeserver_container_network])
    ) | unique
@@ -4980,8 +4899,8 @@ matrix_synapse_reverse_proxy_companion_synapse_stream_writer_presence_stream_wor
 matrix_synapse_reverse_proxy_companion_synapse_media_repository_locations: "{{matrix_synapse_workers_media_repository_endpoints|default([]) }}"
 matrix_synapse_reverse_proxy_companion_synapse_user_dir_locations: "{{ matrix_synapse_workers_user_dir_worker_client_server_endpoints|default([]) }}"

-matrix_synapse_reverse_proxy_companion_access_log_syslog_integration_enabled: "{{ matrix_prometheus_nginxlog_exporter_enabled }}"
-matrix_synapse_reverse_proxy_companion_access_log_syslog_integration_server_port: "{{ (matrix_prometheus_nginxlog_exporter_identifier | string +':'+ matrix_prometheus_nginxlog_exporter_container_syslog_port | string) | default('') }}"
+matrix_synapse_reverse_proxy_companion_access_log_syslog_integration_enabled: "{{ prometheus_nginxlog_exporter_enabled }}"
+matrix_synapse_reverse_proxy_companion_access_log_syslog_integration_server_port: "{{ (prometheus_nginxlog_exporter_identifier | string +':'+ prometheus_nginxlog_exporter_container_syslog_port | string) | default('') }}"

 ######################################################################
 #
@@ -4997,7 +4916,7 @@ matrix_synapse_reverse_proxy_companion_access_log_syslog_integration_server_port

 matrix_synapse_admin_enabled: false

-matrix_synapse_admin_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_synapse_admin_docker_image_registry_prefix_upstream_default }}"
+matrix_synapse_admin_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_synapse_admin_container_image_registry_prefix_upstream_default }}"

 matrix_synapse_admin_container_uid: "{{ matrix_user_uid }}"
 matrix_synapse_admin_container_gid: "{{ matrix_user_gid }}"
@@ -5063,11 +4982,6 @@ matrix_synapse_admin_config_asManagedUsers_auto: |
      '^@_discord_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
    ] if matrix_appservice_discord_enabled else [])
    +
-    ([
-      '^@'+(matrix_appservice_slack_bot_name | default('') | regex_escape)+':'+(matrix_domain | regex_escape)+'$',
-      '^@'+(matrix_appservice_slack_user_prefix | default('') | regex_escape)+'[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
-    ] if matrix_appservice_slack_enabled else [])
-    +
    ([
      '^@'+(matrix_beeper_linkedin_appservice_bot_username | default('') | regex_escape)+':'+(matrix_domain | regex_escape)+'$',
      '^@linkedin_[a-zA-Z0-9]+:'+(matrix_domain | regex_escape)+'$',
@@ -5294,41 +5208,48 @@ prometheus_postgres_exporter_systemd_required_services_list_auto: |

 ######################################################################
 #
-# matrix-prometheus-nginxlog-exporter
+# prometheus_nginxlog_exporter
 #
 ######################################################################

-matrix_prometheus_nginxlog_exporter_enabled: false
+prometheus_nginxlog_exporter_enabled: false

-matrix_prometheus_nginxlog_exporter_identifier: matrix-prometheus-nginxlog-exporter
+prometheus_nginxlog_exporter_identifier: matrix-prometheus-nginxlog-exporter
+prometheus_nginxlog_exporter_base_path: "{{ matrix_base_data_path }}/prometheus-nginxlog-exporter"

-matrix_prometheus_nginxlog_exporter_hostname: "{{ matrix_server_fqn_matrix }}"
+prometheus_nginxlog_exporter_uid: "{{ matrix_user_uid }}"
+prometheus_nginxlog_exporter_gid: "{{ matrix_user_gid }}"

-matrix_prometheus_nginxlog_exporter_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_prometheus_nginxlog_exporter_docker_image_registry_prefix_upstream_default }}"
+prometheus_nginxlog_exporter_hostname: "{{ matrix_server_fqn_matrix }}"

-matrix_prometheus_nginxlog_exporter_container_network: "{{ matrix_monitoring_container_network }}"
+prometheus_nginxlog_exporter_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else prometheus_nginxlog_exporter_container_image_registry_prefix_upstream_default }}"

-matrix_prometheus_nginxlog_exporter_container_additional_networks_auto: |-
+prometheus_nginxlog_exporter_container_network: "{{ matrix_monitoring_container_network }}"
+prometheus_nginxlog_exporter_container_network_deletion_enabled: false
+
+prometheus_nginxlog_exporter_container_additional_networks_auto: |-
  {{
-    ([matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_playbook_reverse_proxyable_services_additional_network and matrix_prometheus_nginxlog_exporter_container_labels_traefik_enabled) else [])
+    ([matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_playbook_reverse_proxyable_services_additional_network and prometheus_nginxlog_exporter_container_labels_traefik_enabled) else [])
  }}

-matrix_prometheus_nginxlog_exporter_container_labels_traefik_enabled: "{{ matrix_metrics_exposure_enabled }}"
-matrix_prometheus_nginxlog_exporter_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
-matrix_prometheus_nginxlog_exporter_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
-matrix_prometheus_nginxlog_exporter_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"
+prometheus_nginxlog_exporter_container_labels_traefik_enabled: "{{ matrix_metrics_exposure_enabled }}"
+prometheus_nginxlog_exporter_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
+prometheus_nginxlog_exporter_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
+prometheus_nginxlog_exporter_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"

-matrix_prometheus_nginxlog_exporter_container_labels_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}"
-matrix_prometheus_nginxlog_exporter_container_labels_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}"
+prometheus_nginxlog_exporter_container_labels_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}"
+prometheus_nginxlog_exporter_container_labels_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}"

-matrix_prometheus_nginxlog_exporter_config_namespaces_matrix_source_tags_auto: |
+prometheus_nginxlog_exporter_config_namespaces_source_tags_auto: |
  {{
    ([matrix_synapse_reverse_proxy_companion_access_log_syslog_integration_tag] if matrix_synapse_reverse_proxy_companion_access_log_syslog_integration_enabled else [])
  }}

+prometheus_nginxlog_exporter_architecture: "{{ matrix_architecture }}"
+
 ######################################################################
 #
-# /matrix-prometheus-nginxlog-exporter
+# /prometheus_nginxlog_exporter
 #
 ######################################################################

@@ -5355,6 +5276,8 @@ prometheus_container_network: "{{ matrix_monitoring_container_network }}"
 prometheus_container_additional_networks_auto: |
  {{
    (
+      ([prometheus_nginxlog_exporter_container_network] if matrix_prometheus_services_connect_scraper_nginxlog_enabled and prometheus_nginxlog_exporter_container_network != prometheus_container_network else [])
+      +
      ([prometheus_node_exporter_container_network] if prometheus_self_node_scraper_enabled and prometheus_node_exporter_container_network != prometheus_container_network else [])
      +
      ([matrix_synapse_container_network] if matrix_prometheus_services_connect_scraper_synapse_enabled and matrix_synapse_container_network != prometheus_container_network else [])
@@ -5363,8 +5286,6 @@ prometheus_container_additional_networks_auto: |
      +
      ([matrix_hookshot_container_network] if matrix_prometheus_services_connect_scraper_hookshot_enabled and matrix_hookshot_container_network != prometheus_container_network else [])
      +
-      ([matrix_prometheus_nginxlog_exporter_container_network] if matrix_prometheus_services_connect_scraper_nginxlog_enabled and matrix_prometheus_nginxlog_exporter_container_network != prometheus_container_network else [])
-      +
      ([matrix_media_repo_container_network] if matrix_prometheus_services_connect_scraper_media_repo_enabled and matrix_media_repo_container_network != prometheus_container_network else [])
      +
      ([matrix_synapse_usage_exporter_container_network] if matrix_prometheus_services_connect_scraper_synapse_usage_exporter_enabled and matrix_synapse_usage_exporter_container_network != prometheus_container_network else [])
@@ -5411,7 +5332,7 @@ prometheus_config_scrape_configs_auto: |

 matrix_prometheus_services_connect_synapse_enabled: "{{ prometheus_enabled and matrix_synapse_enabled }}"

-matrix_prometheus_services_connect_synapse_rules_download_synapse_tag: "{{ matrix_synapse_docker_image_tag }}"
+matrix_prometheus_services_connect_synapse_rules_download_synapse_tag: "{{ matrix_synapse_container_image_tag }}"
 matrix_prometheus_services_connect_synapse_rules_download_dir_path: "{{ prometheus_config_path }}"
 matrix_prometheus_services_connect_synapse_rules_download_owner: "{{ prometheus_uid }}"
 matrix_prometheus_services_connect_synapse_rules_download_group: "{{ prometheus_gid }}"
@@ -5426,8 +5347,8 @@ matrix_prometheus_services_connect_scraper_postgres_static_configs_target: "{{ p
 matrix_prometheus_services_connect_scraper_hookshot_enabled: "{{ matrix_hookshot_enabled and matrix_hookshot_metrics_enabled }}"
 matrix_prometheus_services_connect_scraper_hookshot_static_configs_target: "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_metrics_port | string }}"

-matrix_prometheus_services_connect_scraper_nginxlog_enabled: "{{ matrix_prometheus_nginxlog_exporter_enabled }}"
-matrix_prometheus_services_connect_scraper_nginxlog_static_configs_target: "{{ matrix_prometheus_nginxlog_exporter_identifier }}:{{ matrix_prometheus_nginxlog_exporter_container_metrics_port | string }}"
+matrix_prometheus_services_connect_scraper_nginxlog_enabled: "{{ prometheus_nginxlog_exporter_enabled }}"
+matrix_prometheus_services_connect_scraper_nginxlog_static_configs_target: "{{ prometheus_nginxlog_exporter_identifier }}:{{ prometheus_nginxlog_exporter_container_metrics_port | string }}"

 matrix_prometheus_services_connect_scraper_media_repo_enabled: "{{ matrix_media_repo_enabled and matrix_media_repo_metrics_enabled }}"
 matrix_prometheus_services_connect_scraper_media_repo_static_configs_target: "{{ matrix_media_repo_identifier }}:{{ matrix_media_repo_metrics_port }}"
@@ -5500,7 +5421,7 @@ grafana_dashboard_download_urls: |
    +
    (prometheus_postgres_exporter_dashboard_urls if prometheus_postgres_exporter_enabled else [])
    +
-    (matrix_prometheus_nginxlog_exporter_dashboard_urls if matrix_prometheus_nginxlog_exporter_enabled else [])
+    (prometheus_nginxlog_exporter_dashboard_urls if prometheus_nginxlog_exporter_enabled else [])
    +
    (matrix_media_repo_dashboard_urls if matrix_media_repo_metrics_enabled else [])
    +
@@ -5510,9 +5431,9 @@ grafana_dashboard_download_urls: |
 grafana_provisioning_dashboard_template_files: |
  {{
    ([{
-        'path': 'roles/custom/matrix-prometheus-nginxlog-exporter/templates/grafana/nginx-proxy.json',
+        'path': 'roles/galaxy/prometheus_nginxlog_exporter/templates/grafana/nginx-proxy.json',
        'name': 'nginx-proxy.json',
-    }] if matrix_prometheus_nginxlog_exporter_enabled else [])
+    }] if prometheus_nginxlog_exporter_enabled else [])
  }}

 grafana_default_home_dashboard_path: |-
@@ -5549,7 +5470,7 @@ matrix_registration_systemd_required_services_list_auto: |
    ([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_registration_database_hostname == postgres_connection_hostname) else [])
  }}

-matrix_registration_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_registration_docker_image_registry_prefix_upstream_default }}"
+matrix_registration_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_registration_container_image_registry_prefix_upstream_default }}"

 matrix_registration_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"

@@ -5612,7 +5533,7 @@ matrix_dendrite_hostname: "{{ matrix_server_fqn_matrix }}"

 matrix_dendrite_federation_enabled: "{{ matrix_homeserver_federation_enabled }}"

-matrix_dendrite_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_dendrite_docker_image_registry_prefix_upstream_default }}"
+matrix_dendrite_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_dendrite_container_image_registry_prefix_upstream_default }}"

 matrix_dendrite_container_network: "{{ matrix_homeserver_container_network }}"

@@ -5702,7 +5623,7 @@ matrix_conduit_hostname: "{{ matrix_server_fqn_matrix }}"

 matrix_conduit_allow_federation: "{{ matrix_homeserver_federation_enabled }}"

-matrix_conduit_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_conduit_docker_image_registry_prefix_upstream_default }}"
+matrix_conduit_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_conduit_container_image_registry_prefix_upstream_default }}"

 matrix_conduit_container_network: "{{ matrix_homeserver_container_network }}"

@@ -5752,7 +5673,7 @@ matrix_continuwuity_hostname: "{{ matrix_server_fqn_matrix }}"

 matrix_continuwuity_config_allow_federation: "{{ matrix_homeserver_federation_enabled }}"

-matrix_continuwuity_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_continuwuity_docker_image_registry_prefix_upstream_default }}"
+matrix_continuwuity_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_continuwuity_container_image_registry_prefix_upstream_default }}"

 matrix_continuwuity_container_network: "{{ matrix_homeserver_container_network }}"

@@ -5871,7 +5792,7 @@ matrix_user_verification_service_systemd_required_services_list: |
    (['matrix-' + matrix_homeserver_implementation + '.service'])
  }}

-matrix_user_verification_service_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_user_verification_service_docker_image_registry_prefix_upstream_default }}"
+matrix_user_verification_service_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_user_verification_service_container_image_registry_prefix_upstream_default }}"

 matrix_user_verification_service_container_network: "{{ matrix_addons_container_network }}"

@@ -6020,6 +5941,8 @@ traefik_additional_entrypoints_auto: |
    ([matrix_playbook_public_matrix_federation_api_traefik_entrypoint_definition] if matrix_playbook_public_matrix_federation_api_traefik_entrypoint_enabled else [])
    +
    ([matrix_playbook_internal_matrix_client_api_traefik_entrypoint_definition] if matrix_playbook_internal_matrix_client_api_traefik_entrypoint_enabled else [])
+    +
+    ([matrix_playbook_livekit_turn_traefik_entrypoint_definition] if matrix_playbook_livekit_turn_traefik_entrypoint_enabled else [])
  }}

 traefik_config_providers_docker_endpoint: "{{ container_socket_proxy_endpoint if container_socket_proxy_enabled else 'unix:///var/run/docker.sock' }}"
@@ -6179,6 +6102,11 @@ livekit_server_container_image_registry_prefix_upstream: "{{ matrix_container_gl
 livekit_server_container_network: "{{ matrix_addons_container_network }}"
 livekit_server_container_additional_networks_auto: "{{ [matrix_playbook_reverse_proxyable_services_additional_network] if (livekit_server_container_labels_traefik_enabled and matrix_playbook_reverse_proxyable_services_additional_network) else [] }}"

+# We expose LiveKit TURN/TLS via Traefik on a dedicated TCP entrypoint.
+matrix_playbook_livekit_turn_traefik_entrypoint_enabled: "{{ matrix_playbook_reverse_proxy_type == 'playbook-managed-traefik' and livekit_server_config_turn_enabled and livekit_server_config_turn_external_tls and livekit_server_container_labels_traefik_enabled }}"
+matrix_playbook_livekit_turn_traefik_entrypoint_port: "{{ livekit_server_config_turn_tls_port }}"
+matrix_playbook_livekit_turn_traefik_entrypoint_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ (matrix_playbook_livekit_turn_traefik_entrypoint_port | string)) if matrix_playbook_service_host_bind_interface_prefix else (matrix_playbook_livekit_turn_traefik_entrypoint_port | string) }}"
+
 livekit_server_container_additional_volumes_auto: |
  {{
    (
@@ -6193,7 +6121,7 @@ livekit_server_container_additional_volumes_auto: |
         'dst': livekit_server_config_turn_key_file,
         'options': 'ro',
       },
-      ] if (matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and traefik_certs_dumper_enabled and livekit_server_config_turn_enabled and (livekit_server_config_turn_cert_file and livekit_server_config_turn_key_file)) else []
+      ] if (matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and traefik_certs_dumper_enabled and livekit_server_config_turn_enabled and not (livekit_server_config_turn_external_tls | bool) and (livekit_server_config_turn_cert_file and livekit_server_config_turn_key_file)) else []
    )
  }}

@@ -6201,6 +6129,9 @@ livekit_server_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_pro
 livekit_server_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
 livekit_server_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
 livekit_server_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"
+livekit_server_container_labels_turn_traefik_enabled: "{{ matrix_playbook_livekit_turn_traefik_entrypoint_enabled }}"
+livekit_server_container_labels_turn_traefik_entrypoints: "{{ matrix_playbook_livekit_turn_traefik_entrypoint_name }}"
+livekit_server_container_labels_turn_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"

 livekit_server_container_labels_public_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}"
 livekit_server_container_labels_public_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}"
@@ -6239,15 +6170,19 @@ livekit_server_config_turn_tls_port: 5350
 # Note that TURN is not enabled by default. See `livekit_server_config_turn_enabled`.
 livekit_server_config_turn_udp_port: 3479

-# LiveKit's TURN implementation requires SSL certificates.
-# We only enable it if we can provide them automatically via Traefik + Traefik Certs Dumper.
-livekit_server_config_turn_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and traefik_certs_dumper_enabled }}"
+# In this mode, Traefik terminates TURN/TLS and forwards plaintext TCP to LiveKit's `turn.tls_port`.
+# We only enable it automatically when Traefik is managed by this playbook.
+livekit_server_config_turn_external_tls: "{{ matrix_playbook_reverse_proxy_type == 'playbook-managed-traefik' and matrix_playbook_ssl_enabled }}"
+# TURN stays enabled for either mode:
+# - external TLS termination by playbook-managed Traefik
+# - in-container TLS using certificates from Traefik Certs Dumper
+livekit_server_config_turn_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and (livekit_server_config_turn_external_tls or traefik_certs_dumper_enabled) }}"

 livekit_server_config_turn_cert_file: |-
  {{
    {
-      'playbook-managed-traefik': ('/certificate.crt' if traefik_certs_dumper_enabled else ''),
-      'other-traefik-container': ('/certificate.crt' if traefik_certs_dumper_enabled else ''),
+      'playbook-managed-traefik': ('/certificate.crt' if traefik_certs_dumper_enabled and not (livekit_server_config_turn_external_tls | bool) else ''),
+      'other-traefik-container': ('/certificate.crt' if traefik_certs_dumper_enabled and not (livekit_server_config_turn_external_tls | bool) else ''),
      'none': '',
    }[matrix_playbook_reverse_proxy_type]
  }}
@@ -6255,15 +6190,15 @@ livekit_server_config_turn_cert_file: |-
 livekit_server_config_turn_key_file: |-
  {{
    {
-      'playbook-managed-traefik': ('/privatekey.key' if traefik_certs_dumper_enabled else ''),
-      'other-traefik-container': ('/privatekey.key' if traefik_certs_dumper_enabled else ''),
+      'playbook-managed-traefik': ('/privatekey.key' if traefik_certs_dumper_enabled and not (livekit_server_config_turn_external_tls | bool) else ''),
+      'other-traefik-container': ('/privatekey.key' if traefik_certs_dumper_enabled and not (livekit_server_config_turn_external_tls | bool) else ''),
      'none': '',
    }[matrix_playbook_reverse_proxy_type]
  }}

 livekit_server_systemd_required_services_list_auto: |
  {{
-    ([traefik_certs_dumper_identifier + '-wait-for-domain@' + livekit_server_config_turn_domain + '.service'] if matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and traefik_certs_dumper_enabled and livekit_server_config_turn_enabled else [])
+    ([traefik_certs_dumper_identifier + '-wait-for-domain@' + livekit_server_config_turn_domain + '.service'] if matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and traefik_certs_dumper_enabled and livekit_server_config_turn_enabled and not (livekit_server_config_turn_external_tls | bool) else [])
  }}

 ########################################################################
--- a/i18n/requirements.txt
+++ b/i18n/requirements.txt
@@ -1,6 +1,6 @@
 alabaster==1.0.0
 babel==2.18.0
-certifi==2026.1.4
+certifi==2026.2.25
 charset-normalizer==3.4.4
 click==8.3.1
 docutils==0.22.4
--- a/requirements.yml
+++ b/requirements.yml
@@ -4,20 +4,20 @@
  version: v1.0.0-6
  name: auxiliary
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-backup_borg.git
-  version: v1.4.3-2.1.1-0
+  version: v1.4.3-2.1.1-1
  name: backup_borg
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-cinny.git
-  version: v4.10.2-2
+  version: v4.10.5-0
  name: cinny
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-container-socket-proxy.git
  version: v0.4.2-3
  name: container_socket_proxy
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-coturn.git
-  version: v4.8.0-1
+  version: v4.9.0-0
  name: coturn
  activation_prefix: coturn_
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-ddclient.git
-  version: v4.0.0-0
+  version: v4.0.0-1
  name: ddclient
  activation_prefix: ddclient_
 - src: git+https://github.com/geerlingguy/ansible-role-docker
@@ -27,25 +27,25 @@
  version: 542a2d68db4e9a8e9bb4b508052760b900c7dce6
  name: docker_sdk_for_python
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-etherpad.git
-  version: v2.6.1-0
+  version: v2.6.1-1
  name: etherpad
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-exim-relay.git
  version: v4.98.1-r0-2-3
  name: exim_relay
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-grafana.git
-  version: v11.6.5-6
+  version: v11.6.5-7
  name: grafana
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-hydrogen.git
-  version: v0.5.1-0
+  version: v0.5.1-1
  name: hydrogen
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git
  version: v10741-0
  name: jitsi
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-livekit-server.git
-  version: v1.9.11-1
+  version: v1.9.11-2
  name: livekit_server
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-ntfy.git
-  version: v2.17.0-0
+  version: v2.17.0-1
  name: ntfy
 - src: git+https://github.com/devture/com.devture.ansible.role.playbook_help.git
  version: 8630e4f1749bcb659c412820f754473f09055052
@@ -57,19 +57,22 @@
  version: dd6e15246b7a9a2d921e0b3f9cd8a4a917a1bb2f
  name: playbook_state_preserver
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-postgres.git
-  version: v18.2-1
+  version: v18.2-2
  name: postgres
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-postgres-backup.git
-  version: v18-0
+  version: v18-1
  name: postgres_backup
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus.git
-  version: v3.9.1-0
+  version: v3.9.1-1
  name: prometheus
+- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-nginxlog-exporter.git
+  version: v1.10.0-0
+  name: prometheus_nginxlog_exporter
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-node-exporter.git
-  version: v1.9.1-13
+  version: v1.9.1-14
  name: prometheus_node_exporter
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-postgres-exporter.git
-  version: v0.19.0-0
+  version: v0.19.0-1
  name: prometheus_postgres_exporter
 - src: git+https://github.com/devture/com.devture.ansible.role.systemd_docker_base.git
  version: v1.4.1-0
@@ -81,11 +84,11 @@
  version: v1.1.0-1
  name: timesync
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-traefik.git
-  version: v3.6.8-4
+  version: v3.6.9-0
  name: traefik
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-traefik-certs-dumper.git
  version: v2.10.0-5
  name: traefik_certs_dumper
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-valkey.git
-  version: v9.0.2-0
+  version: v9.0.3-0
  name: valkey
--- a/roles/custom/matrix-alertmanager-receiver/defaults/main.yml
+++ b/roles/custom/matrix-alertmanager-receiver/defaults/main.yml
@@ -11,7 +11,7 @@
 matrix_alertmanager_receiver_enabled: true

 # renovate: datasource=docker depName=docker.io/metio/matrix-alertmanager-receiver
-matrix_alertmanager_receiver_version: 2026.2.11
+matrix_alertmanager_receiver_version: 2026.2.25

 matrix_alertmanager_receiver_scheme: https

--- a/roles/custom/matrix-alertmanager-receiver/tasks/install.yml
+++ b/roles/custom/matrix-alertmanager-receiver/tasks/install.yml
@@ -9,7 +9,7 @@
  ansible.builtin.file:
    path: "{{ item.path }}"
    state: directory
-    mode: 0750
+    mode: '0750'
    owner: "{{ matrix_user_name }}"
    group: "{{ matrix_group_name }}"
  with_items:
@@ -25,7 +25,7 @@
  ansible.builtin.copy:
    content: "{{ matrix_alertmanager_receiver_configuration | to_nice_yaml(indent=2, width=999999) }}"
    dest: "{{ matrix_alertmanager_receiver_config_path }}/config.yml"
-    mode: 0644
+    mode: '0644'
    owner: "{{ matrix_user_name }}"
    group: "{{ matrix_group_name }}"
  register: matrix_alertmanager_receiver_config_result
@@ -34,7 +34,7 @@
  ansible.builtin.template:
    src: "{{ role_path }}/templates/{{ item }}.j2"
    dest: "{{ matrix_alertmanager_receiver_base_path }}/{{ item }}"
-    mode: 0640
+    mode: '0640'
    owner: "{{ matrix_user_name }}"
    group: "{{ matrix_group_name }}"
  with_items:
@@ -85,7 +85,7 @@
  ansible.builtin.template:
    src: "{{ role_path }}/templates/systemd/matrix-alertmanager-receiver.service.j2"
    dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-alertmanager-receiver.service"
-    mode: 0644
+    mode: '0644'
  register: matrix_alertmanager_receiver_systemd_service_result

 - name: Determine whether matrix-alertmanager-receiver needs a restart
--- a/roles/custom/matrix-appservice-double-puppet/tasks/install.yml
+++ b/roles/custom/matrix-appservice-double-puppet/tasks/install.yml
@@ -8,7 +8,7 @@
  ansible.builtin.file:
    path: "{{ item.path }}"
    state: directory
-    mode: 0750
+    mode: '0750'
    owner: "{{ matrix_user_name }}"
    group: "{{ matrix_group_name }}"
  with_items:
@@ -22,6 +22,6 @@
  ansible.builtin.copy:
    content: "{{ matrix_appservice_double_puppet_registration_configuration | to_nice_yaml(indent=2, width=999999) }}"
    dest: "{{ matrix_appservice_double_puppet_config_path }}/registration.yaml"
-    mode: 0644
+    mode: '0644'
    owner: "{{ matrix_user_name }}"
    group: "{{ matrix_group_name }}"
--- a/roles/custom/matrix-appservice-draupnir-for-all/defaults/main.yml
+++ b/roles/custom/matrix-appservice-draupnir-for-all/defaults/main.yml
@@ -17,16 +17,16 @@ matrix_appservice_draupnir_for_all_version: "v2.9.0"
 matrix_appservice_draupnir_for_all_container_image_self_build: false
 matrix_appservice_draupnir_for_all_container_image_self_build_repo: "https://github.com/the-draupnir-project/Draupnir.git"

-matrix_appservice_draupnir_for_all_docker_image_registry_prefix: "{{ 'localhost/' if matrix_appservice_draupnir_for_all_container_image_self_build else matrix_appservice_draupnir_for_all_docker_image_registry_prefix_upstream }}"
-matrix_appservice_draupnir_for_all_docker_image_registry_prefix_upstream: "{{ matrix_appservice_draupnir_for_all_docker_image_registry_prefix_upstream_default }}"
-matrix_appservice_draupnir_for_all_docker_image_registry_prefix_upstream_default: "docker.io/"
-matrix_appservice_draupnir_for_all_docker_image: "{{ matrix_appservice_draupnir_for_all_docker_image_registry_prefix }}gnuxie/draupnir:{{ matrix_appservice_draupnir_for_all_version }}"
-matrix_appservice_draupnir_for_all_docker_image_force_pull: "{{ matrix_appservice_draupnir_for_all_docker_image.endswith(':latest') }}"
+matrix_appservice_draupnir_for_all_container_image_registry_prefix: "{{ 'localhost/' if matrix_appservice_draupnir_for_all_container_image_self_build else matrix_appservice_draupnir_for_all_container_image_registry_prefix_upstream }}"
+matrix_appservice_draupnir_for_all_container_image_registry_prefix_upstream: "{{ matrix_appservice_draupnir_for_all_container_image_registry_prefix_upstream_default }}"
+matrix_appservice_draupnir_for_all_container_image_registry_prefix_upstream_default: "docker.io/"
+matrix_appservice_draupnir_for_all_container_image: "{{ matrix_appservice_draupnir_for_all_container_image_registry_prefix }}gnuxie/draupnir:{{ matrix_appservice_draupnir_for_all_version }}"
+matrix_appservice_draupnir_for_all_container_image_force_pull: "{{ matrix_appservice_draupnir_for_all_container_image.endswith(':latest') }}"

 matrix_appservice_draupnir_for_all_base_path: "{{ matrix_base_data_path }}/draupnir-for-all"
 matrix_appservice_draupnir_for_all_config_path: "{{ matrix_appservice_draupnir_for_all_base_path }}/config"
 matrix_appservice_draupnir_for_all_data_path: "{{ matrix_appservice_draupnir_for_all_base_path }}/data"
-matrix_appservice_draupnir_for_all_docker_src_files_path: "{{ matrix_appservice_draupnir_for_all_base_path }}/docker-src"
+matrix_appservice_draupnir_for_all_container_src_files_path: "{{ matrix_appservice_draupnir_for_all_base_path }}/docker-src"

 matrix_appservice_draupnir_for_all_container_network: ""

--- a/roles/custom/matrix-appservice-draupnir-for-all/tasks/setup_install.yml
+++ b/roles/custom/matrix-appservice-draupnir-for-all/tasks/setup_install.yml
@@ -15,22 +15,22 @@
  ansible.builtin.file:
    path: "{{ item.path }}"
    state: directory
-    mode: 0750
+    mode: '0750'
    owner: "{{ matrix_user_name }}"
    group: "{{ matrix_group_name }}"
  with_items:
    - {path: "{{ matrix_appservice_draupnir_for_all_base_path }}", when: true}
    - {path: "{{ matrix_appservice_draupnir_for_all_config_path }}", when: true}
    - {path: "{{ matrix_appservice_draupnir_for_all_data_path }}", when: true}
-    - {path: "{{ matrix_appservice_draupnir_for_all_docker_src_files_path }}", when: "{{ matrix_appservice_draupnir_for_all_container_image_self_build }}"}
+    - {path: "{{ matrix_appservice_draupnir_for_all_container_src_files_path }}", when: "{{ matrix_appservice_draupnir_for_all_container_image_self_build }}"}
  when: "item.when | bool"

 - name: Ensure Draupnir Docker image is pulled
  community.docker.docker_image:
-    name: "{{ matrix_appservice_draupnir_for_all_docker_image }}"
+    name: "{{ matrix_appservice_draupnir_for_all_container_image }}"
    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
-    force_source: "{{ matrix_appservice_draupnir_for_all_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
-    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_draupnir_for_all_docker_image_force_pull }}"
+    force_source: "{{ matrix_appservice_draupnir_for_all_container_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_draupnir_for_all_container_image_force_pull }}"
  when: "not matrix_appservice_draupnir_for_all_container_image_self_build | bool"
  register: matrix_appservice_draupnir_for_all_container_image_pull_result
  retries: "{{ devture_playbook_help_container_retries_count }}"
@@ -40,8 +40,8 @@
 - name: Ensure Draupnir repository is present on self-build
  ansible.builtin.git:
    repo: "{{ matrix_appservice_draupnir_for_all_container_image_self_build_repo }}"
-    dest: "{{ matrix_appservice_draupnir_for_all_docker_src_files_path }}"
-    version: "{{ matrix_appservice_draupnir_for_all_docker_image.split(':')[1] }}"
+    dest: "{{ matrix_appservice_draupnir_for_all_container_src_files_path }}"
+    version: "{{ matrix_appservice_draupnir_for_all_container_image.split(':')[1] }}"
    force: "yes"
  become: true
  become_user: "{{ matrix_user_name }}"
@@ -50,12 +50,12 @@

 - name: Ensure Draupnir Docker image is built
  community.docker.docker_image:
-    name: "{{ matrix_appservice_draupnir_for_all_docker_image }}"
+    name: "{{ matrix_appservice_draupnir_for_all_container_image }}"
    source: build
    force_source: "{{ matrix_appservice_draupnir_for_all_git_pull_results.changed }}"
    build:
      dockerfile: Dockerfile
-      path: "{{ matrix_appservice_draupnir_for_all_docker_src_files_path }}"
+      path: "{{ matrix_appservice_draupnir_for_all_container_src_files_path }}"
      pull: true
  when: "matrix_appservice_draupnir_for_all_container_image_self_build | bool"

@@ -63,7 +63,7 @@
  ansible.builtin.copy:
    content: "{{ matrix_appservice_draupnir_for_all_configuration_appservice | to_nice_yaml(indent=2, width=999999) }}"
    dest: "{{ matrix_appservice_draupnir_for_all_config_path }}/production-appservice.yaml"
-    mode: 0644
+    mode: '0644'
    owner: "{{ matrix_user_name }}"
    group: "{{ matrix_group_name }}"
  register: matrix_appservice_draupnir_for_all_appservice_config_result
@@ -72,7 +72,7 @@
  ansible.builtin.copy:
    content: "{{ matrix_appservice_draupnir_for_all_configuration | to_nice_yaml(indent=2, width=999999) }}"
    dest: "{{ matrix_appservice_draupnir_for_all_config_path }}/production-bots.yaml"
-    mode: 0644
+    mode: '0644'
    owner: "{{ matrix_user_name }}"
    group: "{{ matrix_group_name }}"
  register: matrix_appservice_draupnir_for_all_bot_config_result
@@ -81,7 +81,7 @@
  ansible.builtin.copy:
    content: "{{ matrix_appservice_draupnir_for_all_registration | to_nice_yaml(indent=2, width=999999) }}"
    dest: "{{ matrix_appservice_draupnir_for_all_config_path }}/draupnir-for-all-registration.yaml"
-    mode: 0644
+    mode: '0644'
    owner: "{{ matrix_user_name }}"
    group: "{{ matrix_group_name }}"
  register: matrix_appservice_draupnir_for_all_registration_config_result
@@ -97,7 +97,7 @@
  ansible.builtin.template:
    src: "{{ role_path }}/templates/systemd/matrix-appservice-draupnir-for-all.service.j2"
    dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-draupnir-for-all.service"
-    mode: 0644
+    mode: '0644'
  register: matrix_appservice_draupnir_for_all_systemd_service_result

 - name: Determine whether Draupnir for All needs a restart
--- a/roles/custom/matrix-appservice-draupnir-for-all/tasks/validate_config.yml
+++ b/roles/custom/matrix-appservice-draupnir-for-all/tasks/validate_config.yml
@@ -7,14 +7,6 @@

 ---

- name: Fail if required matrix-bot-draupnir variables are undefined
-  ansible.builtin.fail:
-    msg: "The `{{ item }}` variable must be defined and have a non-null value."
-  with_items:
-    - "matrix_appservice_draupnir_for_all_config_adminRoom"
-    - "matrix_bot_draupnir_container_network"
-  when: "lookup('vars', item, default='') == '' or lookup('vars', item, default='') is none"
-
 - name: (Deprecation) Catch and report renamed matrix-appservice-draupnir-for-all settings
  ansible.builtin.fail:
    msg: >-
@@ -22,6 +14,20 @@
      Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
  when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0"
  with_items:
-    - {'old': 'matrix_appservice_draupnir_for_all_docker_image_name_prefix', 'new': 'matrix_appservice_draupnir_for_all_docker_image_registry_prefix'}
+    - {'old': 'matrix_appservice_draupnir_for_all_docker_image_name_prefix', 'new': 'matrix_appservice_draupnir_for_all_container_image_registry_prefix'}
    - {'old': 'matrix_appservice_draupnir_for_all_enable_room_state_backing_store', 'new': 'matrix_appservice_draupnir_for_all_config_roomStateBackingStore_enabled'}
    - {'old': 'matrix_appservice_draupnir_for_all_master_control_room_alias', 'new': 'matrix_appservice_draupnir_for_all_config_adminRoom'}
+    - {'old': 'matrix_appservice_draupnir_for_all_docker_image', 'new': 'matrix_appservice_draupnir_for_all_container_image'}
+    - {'old': 'matrix_appservice_draupnir_for_all_docker_image_force_pull', 'new': 'matrix_appservice_draupnir_for_all_container_image_force_pull'}
+    - {'old': 'matrix_appservice_draupnir_for_all_docker_image_registry_prefix', 'new': 'matrix_appservice_draupnir_for_all_container_image_registry_prefix'}
+    - {'old': 'matrix_appservice_draupnir_for_all_docker_image_registry_prefix_upstream', 'new': 'matrix_appservice_draupnir_for_all_container_image_registry_prefix_upstream'}
+    - {'old': 'matrix_appservice_draupnir_for_all_docker_image_registry_prefix_upstream_default', 'new': 'matrix_appservice_draupnir_for_all_container_image_registry_prefix_upstream_default'}
+    - {'old': 'matrix_appservice_draupnir_for_all_docker_src_files_path', 'new': 'matrix_appservice_draupnir_for_all_container_src_files_path'}
+
+- name: Fail if required matrix-bot-draupnir variables are undefined
+  ansible.builtin.fail:
+    msg: "The `{{ item }}` variable must be defined and have a non-null value."
+  with_items:
+    - "matrix_appservice_draupnir_for_all_config_adminRoom"
+    - "matrix_bot_draupnir_container_network"
+  when: "lookup('vars', item, default='') == '' or lookup('vars', item, default='') is none"
--- a/roles/custom/matrix-appservice-draupnir-for-all/templates/systemd/matrix-appservice-draupnir-for-all.service.j2
+++ b/roles/custom/matrix-appservice-draupnir-for-all/templates/systemd/matrix-appservice-draupnir-for-all.service.j2
@@ -29,7 +29,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
 			{% for arg in matrix_appservice_draupnir_for_all_container_extra_arguments %}
 			{{ arg }} \
 			{% endfor %}
-			{{ matrix_appservice_draupnir_for_all_docker_image }} \
+			{{ matrix_appservice_draupnir_for_all_container_image }} \
 			appservice -c /data/config/production-appservice.yaml -f /data/config/draupnir-for-all-registration.yaml -p {{ matrix_appservice_draupnir_for_all_appservice_port }} --draupnir-config /data/config/production-bots.yaml

 {% for network in matrix_appservice_draupnir_for_all_container_additional_networks %}
--- a/roles/custom/matrix-authentication-service/defaults/main.yml
+++ b/roles/custom/matrix-authentication-service/defaults/main.yml
@@ -22,7 +22,7 @@ matrix_authentication_service_container_repo_version: "{{ 'main' if matrix_authe
 matrix_authentication_service_container_src_files_path: "{{ matrix_base_data_path }}/matrix-authentication-service/container-src"

 # renovate: datasource=docker depName=ghcr.io/element-hq/matrix-authentication-service
-matrix_authentication_service_version: 1.11.0
+matrix_authentication_service_version: 1.12.0
 matrix_authentication_service_container_image_registry_prefix: "{{ 'localhost/' if matrix_authentication_service_container_image_self_build else matrix_authentication_service_container_image_registry_prefix_upstream }}"
 matrix_authentication_service_container_image_registry_prefix_upstream: "{{ matrix_authentication_service_container_image_registry_prefix_upstream_default }}"
 matrix_authentication_service_container_image_registry_prefix_upstream_default: "ghcr.io/"
--- a/roles/custom/matrix-authentication-service/tasks/install.yml
+++ b/roles/custom/matrix-authentication-service/tasks/install.yml
@@ -8,7 +8,7 @@
  ansible.builtin.file:
    path: "{{ item.path }}"
    state: directory
-    mode: 0750
+    mode: '0750'
    owner: "{{ matrix_user_name }}"
    group: "{{ matrix_group_name }}"
  with_items:
@@ -37,7 +37,7 @@
  ansible.builtin.copy:
    content: "{{ matrix_authentication_service_configuration | to_nice_yaml(indent=2, width=999999) }}"
    dest: "{{ matrix_authentication_service_config_path }}/config.yaml"
-    mode: 0644
+    mode: '0644'
    owner: "{{ matrix_user_name }}"
    group: "{{ matrix_group_name }}"
  register: matrix_authentication_service_config_result
@@ -106,7 +106,7 @@
  ansible.builtin.template:
    src: "{{ role_path }}/templates/systemd/matrix-authentication-service.service.j2"
    dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-authentication-service.service"
-    mode: 0644
+    mode: '0644'
  register: matrix_authentication_service_systemd_service_result

 - name: Determine whether Matrix Authentication Service needs a restart
--- a/roles/custom/matrix-base/defaults/main.yml
+++ b/roles/custom/matrix-base/defaults/main.yml
@@ -92,6 +92,10 @@ matrix_homeserver_enabled: true
 # Note that the homeserver implementation of a server will not be able to be changed without data loss.
 matrix_homeserver_implementation: synapse

+# The priority that the homeserver starts with (lower = starts earlier).
+# Related to the systemd_service_manager role and `devture_systemd_service_manager_services_list*` variables.
+matrix_homeserver_systemd_service_manager_priority: 1000
+
 # This contains a secret, which is used for generating various other secrets later on.
 matrix_homeserver_generic_secret_key: ''

@@ -393,6 +397,22 @@ matrix_playbook_internal_matrix_client_api_traefik_entrypoint_definition:
  host_bind_port: "{{ matrix_playbook_internal_matrix_client_api_traefik_entrypoint_host_bind_port }}"
  config: "{{ matrix_playbook_internal_matrix_client_api_traefik_entrypoint_config }}"

+# Controls whether to enable an additional Traefik entrypoint for LiveKit TURN/TLS (TCP) traffic.
+matrix_playbook_livekit_turn_traefik_entrypoint_enabled: false
+matrix_playbook_livekit_turn_traefik_entrypoint_name: matrix-livekit-turn
+matrix_playbook_livekit_turn_traefik_entrypoint_port: 5350
+matrix_playbook_livekit_turn_traefik_entrypoint_host_bind_port: "{{ matrix_playbook_livekit_turn_traefik_entrypoint_port }}"
+matrix_playbook_livekit_turn_traefik_entrypoint_config: "{{ (matrix_playbook_livekit_turn_traefik_entrypoint_config_default | combine(matrix_playbook_livekit_turn_traefik_entrypoint_config_auto)) | combine(matrix_playbook_livekit_turn_traefik_entrypoint_config_custom, recursive=True) }}"
+matrix_playbook_livekit_turn_traefik_entrypoint_config_default: {}
+matrix_playbook_livekit_turn_traefik_entrypoint_config_auto: {}
+matrix_playbook_livekit_turn_traefik_entrypoint_config_custom: {}
+
+matrix_playbook_livekit_turn_traefik_entrypoint_definition:
+  name: "{{ matrix_playbook_livekit_turn_traefik_entrypoint_name }}"
+  port: "{{ matrix_playbook_livekit_turn_traefik_entrypoint_port }}"
+  host_bind_port: "{{ matrix_playbook_livekit_turn_traefik_entrypoint_host_bind_port }}"
+  config: "{{ matrix_playbook_livekit_turn_traefik_entrypoint_config }}"
+
 # Variables to Control which parts of our roles run.
 run_postgres_import: true
 run_postgres_upgrade: true
--- a/roles/custom/matrix-base/tasks/setup_matrix_base.yml
+++ b/roles/custom/matrix-base/tasks/setup_matrix_base.yml
@@ -27,4 +27,4 @@
  ansible.builtin.template:
    src: "{{ role_path }}/templates/bin/remove-all.j2"
    dest: "{{ matrix_bin_path }}/remove-all"
-    mode: 0750
+    mode: '0750'
--- a/roles/custom/matrix-bot-baibot/defaults/main.yml
+++ b/roles/custom/matrix-bot-baibot/defaults/main.yml
@@ -17,7 +17,7 @@ matrix_bot_baibot_container_repo_version: "{{ 'main' if matrix_bot_baibot_versio
 matrix_bot_baibot_container_src_files_path: "{{ matrix_base_data_path }}/baibot/container-src"

 # renovate: datasource=docker depName=ghcr.io/etkecc/baibot
-matrix_bot_baibot_version: v1.14.1
+matrix_bot_baibot_version: v1.14.3
 matrix_bot_baibot_container_image: "{{ matrix_bot_baibot_container_image_registry_prefix }}etkecc/baibot:{{ matrix_bot_baibot_version }}"
 matrix_bot_baibot_container_image_registry_prefix: "{{ 'localhost/' if matrix_bot_baibot_container_image_self_build else matrix_bot_baibot_container_image_registry_prefix_upstream }}"
 matrix_bot_baibot_container_image_registry_prefix_upstream: "{{ matrix_bot_baibot_container_image_registry_prefix_upstream_default }}"
--- a/roles/custom/matrix-bot-baibot/tasks/install.yml
+++ b/roles/custom/matrix-bot-baibot/tasks/install.yml
@@ -9,7 +9,7 @@
  ansible.builtin.file:
    path: "{{ item.path }}"
    state: directory
-    mode: 0750
+    mode: '0750'
    owner: "{{ matrix_user_name }}"
    group: "{{ matrix_group_name }}"
  with_items:
@@ -23,7 +23,7 @@
  ansible.builtin.copy:
    content: "{{ matrix_bot_baibot_configuration | to_nice_yaml(indent=2, width=999999) }}"
    dest: "{{ matrix_bot_baibot_config_path }}/config.yml"
-    mode: 0644
+    mode: '0644'
    owner: "{{ matrix_user_name }}"
    group: "{{ matrix_group_name }}"
  register: matrix_bot_baibot_config_result
@@ -34,7 +34,7 @@
    dest: "{{ matrix_bot_baibot_config_path }}/env"
    owner: "{{ matrix_user_name }}"
    group: "{{ matrix_group_name }}"
-    mode: 0640
+    mode: '0640'
  register: matrix_bot_baibot_env_result

 - name: Ensure baibot container image is pulled
@@ -83,7 +83,7 @@
  ansible.builtin.template:
    src: "{{ role_path }}/templates/systemd/matrix-bot-baibot.service.j2"
    dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-baibot.service"
-    mode: 0644
+    mode: '0644'
  register: matrix_bot_baibot_systemd_service_result

 - name: Determine whether baibot needs a restart
--- a/roles/custom/matrix-bot-buscarron/defaults/main.yml
+++ b/roles/custom/matrix-bot-buscarron/defaults/main.yml
@@ -32,15 +32,15 @@ matrix_bot_buscarron_data_path: "{{ matrix_bot_buscarron_base_path }}/data"
 matrix_bot_buscarron_data_store_path: "{{ matrix_bot_buscarron_data_path }}/store"

 matrix_bot_buscarron_container_image_self_build: false
-matrix_bot_buscarron_docker_repo: "https://github.com/etkecc/buscarron.git"
-matrix_bot_buscarron_docker_repo_version: "{{ matrix_bot_buscarron_version }}"
-matrix_bot_buscarron_docker_src_files_path: "{{ matrix_base_data_path }}/buscarron/docker-src"
+matrix_bot_buscarron_container_repo: "https://github.com/etkecc/buscarron.git"
+matrix_bot_buscarron_container_repo_version: "{{ matrix_bot_buscarron_version }}"
+matrix_bot_buscarron_container_src_files_path: "{{ matrix_base_data_path }}/buscarron/docker-src"

-matrix_bot_buscarron_docker_image: "{{ matrix_bot_buscarron_docker_image_registry_prefix }}etkecc/buscarron:{{ matrix_bot_buscarron_version }}"
-matrix_bot_buscarron_docker_image_registry_prefix: "{{ 'localhost/' if matrix_bot_buscarron_container_image_self_build else matrix_bot_buscarron_docker_image_registry_prefix_upstream }}"
-matrix_bot_buscarron_docker_image_registry_prefix_upstream: "{{ matrix_bot_buscarron_docker_image_registry_prefix_upstream_default }}"
-matrix_bot_buscarron_docker_image_registry_prefix_upstream_default: "ghcr.io/"
-matrix_bot_buscarron_docker_image_force_pull: "{{ matrix_bot_buscarron_docker_image.endswith(':latest') }}"
+matrix_bot_buscarron_container_image: "{{ matrix_bot_buscarron_container_image_registry_prefix }}etkecc/buscarron:{{ matrix_bot_buscarron_version }}"
+matrix_bot_buscarron_container_image_registry_prefix: "{{ 'localhost/' if matrix_bot_buscarron_container_image_self_build else matrix_bot_buscarron_container_image_registry_prefix_upstream }}"
+matrix_bot_buscarron_container_image_registry_prefix_upstream: "{{ matrix_bot_buscarron_container_image_registry_prefix_upstream_default }}"
+matrix_bot_buscarron_container_image_registry_prefix_upstream_default: "ghcr.io/"
+matrix_bot_buscarron_container_image_force_pull: "{{ matrix_bot_buscarron_container_image.endswith(':latest') }}"

 # The base container network. It will be auto-created by this role if it doesn't exist already.
 matrix_bot_buscarron_container_network: matrix-bot-buscarron
--- a/roles/custom/matrix-bot-buscarron/tasks/setup_install.yml
+++ b/roles/custom/matrix-bot-buscarron/tasks/setup_install.yml
@@ -38,14 +38,14 @@
  ansible.builtin.file:
    path: "{{ item.path }}"
    state: directory
-    mode: 0750
+    mode: '0750'
    owner: "{{ matrix_user_name }}"
    group: "{{ matrix_group_name }}"
  with_items:
    - {path: "{{ matrix_bot_buscarron_config_path }}", when: true}
    - {path: "{{ matrix_bot_buscarron_data_path }}", when: true}
    - {path: "{{ matrix_bot_buscarron_data_store_path }}", when: true}
-    - {path: "{{ matrix_bot_buscarron_docker_src_files_path }}", when: true}
+    - {path: "{{ matrix_bot_buscarron_container_src_files_path }}", when: true}
  when: "item.when | bool"

 - name: Ensure Buscarron support files installed
@@ -54,7 +54,7 @@
    dest: "{{ matrix_bot_buscarron_config_path }}/{{ item }}"
    owner: "{{ matrix_user_name }}"
    group: "{{ matrix_group_name }}"
-    mode: 0640
+    mode: '0640'
  with_items:
    - env
    - labels
@@ -62,10 +62,10 @@

 - name: Ensure Buscarron image is pulled
  community.docker.docker_image:
-    name: "{{ matrix_bot_buscarron_docker_image }}"
+    name: "{{ matrix_bot_buscarron_container_image }}"
    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
-    force_source: "{{ matrix_bot_buscarron_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
-    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_buscarron_docker_image_force_pull }}"
+    force_source: "{{ matrix_bot_buscarron_container_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_buscarron_container_image_force_pull }}"
  when: "not matrix_bot_buscarron_container_image_self_build | bool"
  register: matrix_bot_buscarron_container_image_pull_result
  retries: "{{ devture_playbook_help_container_retries_count }}"
@@ -74,9 +74,9 @@

 - name: Ensure Buscarron repository is present on self-build
  ansible.builtin.git:
-    repo: "{{ matrix_bot_buscarron_docker_repo }}"
-    version: "{{ matrix_bot_buscarron_docker_repo_version }}"
-    dest: "{{ matrix_bot_buscarron_docker_src_files_path }}"
+    repo: "{{ matrix_bot_buscarron_container_repo }}"
+    version: "{{ matrix_bot_buscarron_container_repo_version }}"
+    dest: "{{ matrix_bot_buscarron_container_src_files_path }}"
    force: "yes"
  become: true
  become_user: "{{ matrix_user_name }}"
@@ -85,13 +85,13 @@

 - name: Ensure Buscarron image is built
  community.docker.docker_image:
-    name: "{{ matrix_bot_buscarron_docker_image }}"
+    name: "{{ matrix_bot_buscarron_container_image }}"
    source: build
    force_source: "{{ matrix_bot_buscarron_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_buscarron_git_pull_results.changed }}"
    build:
      dockerfile: Dockerfile
-      path: "{{ matrix_bot_buscarron_docker_src_files_path }}"
+      path: "{{ matrix_bot_buscarron_container_src_files_path }}"
      pull: true
  when: "matrix_bot_buscarron_container_image_self_build | bool"

@@ -99,7 +99,7 @@
  ansible.builtin.template:
    src: "{{ role_path }}/templates/systemd/matrix-bot-buscarron.service.j2"
    dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-buscarron.service"
-    mode: 0644
+    mode: '0644'
  register: matrix_bot_buscarron_systemd_service_result

 - name: Determine whether Buscarron needs a restart
--- a/roles/custom/matrix-bot-buscarron/tasks/validate_config.yml
+++ b/roles/custom/matrix-bot-buscarron/tasks/validate_config.yml
@@ -17,6 +17,14 @@
    - {'old': 'matrix_bot_buscarron_spam_emails', 'new': '<superseded by matrix_bot_buscarron_spamlist>'}
    - {'old': 'matrix_bot_buscarron_spam_localparts', 'new': '<superseded by matrix_bot_buscarron_spamlist>'}
    - {'old': 'matrix_bot_buscarron_container_image_name_prefix', 'new': 'matrix_bot_buscarron_container_image_registry_prefix'}
+    - {'old': 'matrix_bot_buscarron_docker_image', 'new': 'matrix_bot_buscarron_container_image'}
+    - {'old': 'matrix_bot_buscarron_docker_image_force_pull', 'new': 'matrix_bot_buscarron_container_image_force_pull'}
+    - {'old': 'matrix_bot_buscarron_docker_image_registry_prefix', 'new': 'matrix_bot_buscarron_container_image_registry_prefix'}
+    - {'old': 'matrix_bot_buscarron_docker_image_registry_prefix_upstream', 'new': 'matrix_bot_buscarron_container_image_registry_prefix_upstream'}
+    - {'old': 'matrix_bot_buscarron_docker_image_registry_prefix_upstream_default', 'new': 'matrix_bot_buscarron_container_image_registry_prefix_upstream_default'}
+    - {'old': 'matrix_bot_buscarron_docker_repo', 'new': 'matrix_bot_buscarron_container_repo'}
+    - {'old': 'matrix_bot_buscarron_docker_repo_version', 'new': 'matrix_bot_buscarron_container_repo_version'}
+    - {'old': 'matrix_bot_buscarron_docker_src_files_path', 'new': 'matrix_bot_buscarron_container_src_files_path'}

 - name: Fail if required Buscarron settings not defined
  ansible.builtin.fail:
--- a/roles/custom/matrix-bot-buscarron/templates/systemd/matrix-bot-buscarron.service.j2
+++ b/roles/custom/matrix-bot-buscarron/templates/systemd/matrix-bot-buscarron.service.j2
@@ -30,7 +30,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
 			{% for arg in matrix_bot_buscarron_container_extra_arguments %}
 			{{ arg }} \
 			{% endfor %}
-			{{ matrix_bot_buscarron_docker_image }}
+			{{ matrix_bot_buscarron_container_image }}

 {% for network in matrix_bot_buscarron_container_additional_networks %}
 ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-bot-buscarron
--- a/roles/custom/matrix-bot-draupnir/defaults/main.yml
+++ b/roles/custom/matrix-bot-draupnir/defaults/main.yml
@@ -17,16 +17,16 @@ matrix_bot_draupnir_version: "v2.9.0"
 matrix_bot_draupnir_container_image_self_build: false
 matrix_bot_draupnir_container_image_self_build_repo: "https://github.com/the-draupnir-project/Draupnir.git"

-matrix_bot_draupnir_docker_image: "{{ matrix_bot_draupnir_docker_image_registry_prefix }}gnuxie/draupnir:{{ matrix_bot_draupnir_version }}"
-matrix_bot_draupnir_docker_image_registry_prefix: "{{ 'localhost/' if matrix_bot_draupnir_container_image_self_build else matrix_bot_draupnir_docker_image_registry_prefix_upstream }}"
-matrix_bot_draupnir_docker_image_registry_prefix_upstream: "{{ matrix_bot_draupnir_docker_image_registry_prefix_upstream_default }}"
-matrix_bot_draupnir_docker_image_registry_prefix_upstream_default: "docker.io/"
-matrix_bot_draupnir_docker_image_force_pull: "{{ matrix_bot_draupnir_docker_image.endswith(':latest') }}"
+matrix_bot_draupnir_container_image: "{{ matrix_bot_draupnir_container_image_registry_prefix }}gnuxie/draupnir:{{ matrix_bot_draupnir_version }}"
+matrix_bot_draupnir_container_image_registry_prefix: "{{ 'localhost/' if matrix_bot_draupnir_container_image_self_build else matrix_bot_draupnir_container_image_registry_prefix_upstream }}"
+matrix_bot_draupnir_container_image_registry_prefix_upstream: "{{ matrix_bot_draupnir_container_image_registry_prefix_upstream_default }}"
+matrix_bot_draupnir_container_image_registry_prefix_upstream_default: "docker.io/"
+matrix_bot_draupnir_container_image_force_pull: "{{ matrix_bot_draupnir_container_image.endswith(':latest') }}"

 matrix_bot_draupnir_base_path: "{{ matrix_base_data_path }}/draupnir"
 matrix_bot_draupnir_config_path: "{{ matrix_bot_draupnir_base_path }}/config"
 matrix_bot_draupnir_data_path: "{{ matrix_bot_draupnir_base_path }}/data"
-matrix_bot_draupnir_docker_src_files_path: "{{ matrix_bot_draupnir_base_path }}/docker-src"
+matrix_bot_draupnir_container_src_files_path: "{{ matrix_bot_draupnir_base_path }}/docker-src"

 matrix_bot_draupnir_config_web_enabled: "{{ matrix_bot_draupnir_config_web_abuseReporting or matrix_bot_draupnir_config_web_synapseHTTPAntispam_enabled }}"  # noqa var-naming

--- a/roles/custom/matrix-bot-draupnir/tasks/setup_install.yml
+++ b/roles/custom/matrix-bot-draupnir/tasks/setup_install.yml
@@ -15,14 +15,14 @@
  ansible.builtin.file:
    path: "{{ item.path }}"
    state: directory
-    mode: 0750
+    mode: '0750'
    owner: "{{ matrix_user_name }}"
    group: "{{ matrix_group_name }}"
  with_items:
    - {path: "{{ matrix_bot_draupnir_base_path }}", when: true}
    - {path: "{{ matrix_bot_draupnir_config_path }}", when: true}
    - {path: "{{ matrix_bot_draupnir_data_path }}", when: true}
-    - {path: "{{ matrix_bot_draupnir_docker_src_files_path }}", when: "{{ matrix_bot_draupnir_container_image_self_build }}"}
+    - {path: "{{ matrix_bot_draupnir_container_src_files_path }}", when: "{{ matrix_bot_draupnir_container_image_self_build }}"}
  when: "item.when | bool"

 - name: Ensure matrix-bot-draupnir support files installed
@@ -31,7 +31,7 @@
    dest: "{{ item.dest }}"
    owner: "{{ matrix_user_name }}"
    group: "{{ matrix_group_name }}"
-    mode: 0644
+    mode: '0644'
  with_items:
    - src: "{{ role_path }}/templates/labels.j2"
      dest: "{{ matrix_bot_draupnir_base_path }}/labels"
@@ -39,10 +39,10 @@

 - name: Ensure Draupnir Docker image is pulled
  community.docker.docker_image:
-    name: "{{ matrix_bot_draupnir_docker_image }}"
+    name: "{{ matrix_bot_draupnir_container_image }}"
    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
-    force_source: "{{ matrix_bot_draupnir_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
-    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_draupnir_docker_image_force_pull }}"
+    force_source: "{{ matrix_bot_draupnir_container_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_draupnir_container_image_force_pull }}"
  when: "not matrix_bot_draupnir_container_image_self_build | bool"
  register: matrix_bot_draupnir_container_image_pull_result
  retries: "{{ devture_playbook_help_container_retries_count }}"
@@ -52,8 +52,8 @@
 - name: Ensure Draupnir repository is present on self-build
  ansible.builtin.git:
    repo: "{{ matrix_bot_draupnir_container_image_self_build_repo }}"
-    dest: "{{ matrix_bot_draupnir_docker_src_files_path }}"
-    version: "{{ matrix_bot_draupnir_docker_image.split(':')[1] }}"
+    dest: "{{ matrix_bot_draupnir_container_src_files_path }}"
+    version: "{{ matrix_bot_draupnir_container_image.split(':')[1] }}"
    force: "yes"
  become: true
  become_user: "{{ matrix_user_name }}"
@@ -62,12 +62,12 @@

 - name: Ensure Draupnir Docker image is built
  community.docker.docker_image:
-    name: "{{ matrix_bot_draupnir_docker_image }}"
+    name: "{{ matrix_bot_draupnir_container_image }}"
    source: build
    force_source: "{{ matrix_bot_draupnir_git_pull_results.changed }}"
    build:
      dockerfile: Dockerfile
-      path: "{{ matrix_bot_draupnir_docker_src_files_path }}"
+      path: "{{ matrix_bot_draupnir_container_src_files_path }}"
      pull: true
  when: "matrix_bot_draupnir_container_image_self_build | bool"

@@ -75,7 +75,7 @@
  ansible.builtin.copy:
    content: "{{ matrix_bot_draupnir_configuration | to_nice_yaml(indent=2, width=999999) }}"
    dest: "{{ matrix_bot_draupnir_config_path }}/production.yaml"
-    mode: 0644
+    mode: '0644'
    owner: "{{ matrix_user_name }}"
    group: "{{ matrix_group_name }}"
  register: matrix_bot_draupnir_config_result
@@ -91,7 +91,7 @@
  ansible.builtin.template:
    src: "{{ role_path }}/templates/systemd/matrix-bot-draupnir.service.j2"
    dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-draupnir.service"
-    mode: 0644
+    mode: '0644'
  register: matrix_bot_draupnir_systemd_service_result

 - name: Determine whether Draupnir needs a restart
--- a/roles/custom/matrix-bot-draupnir/tasks/validate_config.yml
+++ b/roles/custom/matrix-bot-draupnir/tasks/validate_config.yml
@@ -31,6 +31,12 @@
    - {'old': 'matrix_bot_draupnir_container_labels_traefik_entrypoints', 'new': 'matrix_bot_draupnir_container_labels_web_abuseReporting_traefik_entrypoints'}
    - {'old': 'matrix_bot_draupnir_container_labels_traefik_tls', 'new': 'matrix_bot_draupnir_container_labels_web_abuseReporting_traefik_tls'}
    - {'old': 'matrix_bot_draupnir_container_labels_traefik_tls_certResolver', 'new': 'matrix_bot_draupnir_container_labels_web_abuseReporting_traefik_tls_certResolver'}
+    - {'old': 'matrix_bot_draupnir_docker_image', 'new': 'matrix_bot_draupnir_container_image'}
+    - {'old': 'matrix_bot_draupnir_docker_image_force_pull', 'new': 'matrix_bot_draupnir_container_image_force_pull'}
+    - {'old': 'matrix_bot_draupnir_docker_image_registry_prefix', 'new': 'matrix_bot_draupnir_container_image_registry_prefix'}
+    - {'old': 'matrix_bot_draupnir_docker_image_registry_prefix_upstream', 'new': 'matrix_bot_draupnir_container_image_registry_prefix_upstream'}
+    - {'old': 'matrix_bot_draupnir_docker_image_registry_prefix_upstream_default', 'new': 'matrix_bot_draupnir_container_image_registry_prefix_upstream_default'}
+    - {'old': 'matrix_bot_draupnir_docker_src_files_path', 'new': 'matrix_bot_draupnir_container_src_files_path'}

 - name: Fail if required matrix-bot-draupnir variables are undefined
  ansible.builtin.fail:
--- a/roles/custom/matrix-bot-draupnir/templates/systemd/matrix-bot-draupnir.service.j2
+++ b/roles/custom/matrix-bot-draupnir/templates/systemd/matrix-bot-draupnir.service.j2
@@ -33,7 +33,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
 			{% for arg in matrix_bot_draupnir_container_extra_arguments %}
 			{{ arg }} \
 			{% endfor %}
-			{{ matrix_bot_draupnir_docker_image }} \
+			{{ matrix_bot_draupnir_container_image }} \
 			bot --draupnir-config /data/config/production.yaml

 {% for network in matrix_bot_draupnir_container_additional_networks %}
--- a/roles/custom/matrix-bot-go-neb/tasks/install.yml
+++ b/roles/custom/matrix-bot-go-neb/tasks/install.yml
@@ -14,7 +14,7 @@
  ansible.builtin.file:
    path: "{{ item.path }}"
    state: directory
-    mode: 0750
+    mode: '0750'
    owner: "{{ matrix_user_name }}"
    group: "{{ matrix_group_name }}"
  with_items:
@@ -27,7 +27,7 @@
  ansible.builtin.copy:
    content: "{{ matrix_bot_go_neb_configuration | to_nice_yaml(indent=2, width=999999) }}"
    dest: "{{ matrix_bot_go_neb_config_path }}/config.yaml"
-    mode: 0644
+    mode: '0644'
    owner: "{{ matrix_user_name }}"
    group: "{{ matrix_group_name }}"
  register: matrix_bot_go_neb_config_result
@@ -36,7 +36,7 @@
  ansible.builtin.template:
    src: "{{ role_path }}/templates/{{ item }}.j2"
    dest: "{{ matrix_bot_go_neb_base_path }}/{{ item }}"
-    mode: 0640
+    mode: '0640'
    owner: "{{ matrix_user_name }}"
    group: "{{ matrix_group_name }}"
  with_items:
@@ -66,7 +66,7 @@
  ansible.builtin.template:
    src: "{{ role_path }}/templates/systemd/matrix-bot-go-neb.service.j2"
    dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-go-neb.service"
-    mode: 0644
+    mode: '0644'
  register: matrix_bot_go_neb_systemd_service_result

 - name: Determine whether go-neb needs a restart
--- a/roles/custom/matrix-bot-honoroit/defaults/main.yml
+++ b/roles/custom/matrix-bot-honoroit/defaults/main.yml
@@ -25,17 +25,17 @@ matrix_bot_honoroit_path_prefix: /
 matrix_bot_honoroit_metrics_path: /metrics

 matrix_bot_honoroit_container_image_self_build: false
-matrix_bot_honoroit_docker_repo: "https://github.com/etkecc/honoroit.git"
-matrix_bot_honoroit_docker_repo_version: "{{ matrix_bot_honoroit_version }}"
-matrix_bot_honoroit_docker_src_files_path: "{{ matrix_base_data_path }}/honoroit/docker-src"
+matrix_bot_honoroit_container_repo: "https://github.com/etkecc/honoroit.git"
+matrix_bot_honoroit_container_repo_version: "{{ matrix_bot_honoroit_version }}"
+matrix_bot_honoroit_container_src_files_path: "{{ matrix_base_data_path }}/honoroit/docker-src"

 # renovate: datasource=docker depName=ghcr.io/etkecc/honoroit
 matrix_bot_honoroit_version: v0.9.29
-matrix_bot_honoroit_docker_image: "{{ matrix_bot_honoroit_docker_image_registry_prefix }}etkecc/honoroit:{{ matrix_bot_honoroit_version }}"
-matrix_bot_honoroit_docker_image_registry_prefix: "{{ 'localhost/' if matrix_bot_honoroit_container_image_self_build else matrix_bot_honoroit_docker_image_registry_prefix_upstream }}"
-matrix_bot_honoroit_docker_image_registry_prefix_upstream: "{{ matrix_bot_honoroit_docker_image_registry_prefix_upstream_default }}"
-matrix_bot_honoroit_docker_image_registry_prefix_upstream_default: "ghcr.io/"
-matrix_bot_honoroit_docker_image_force_pull: "{{ matrix_bot_honoroit_docker_image.endswith(':latest') }}"
+matrix_bot_honoroit_container_image: "{{ matrix_bot_honoroit_container_image_registry_prefix }}etkecc/honoroit:{{ matrix_bot_honoroit_version }}"
+matrix_bot_honoroit_container_image_registry_prefix: "{{ 'localhost/' if matrix_bot_honoroit_container_image_self_build else matrix_bot_honoroit_container_image_registry_prefix_upstream }}"
+matrix_bot_honoroit_container_image_registry_prefix_upstream: "{{ matrix_bot_honoroit_container_image_registry_prefix_upstream_default }}"
+matrix_bot_honoroit_container_image_registry_prefix_upstream_default: "ghcr.io/"
+matrix_bot_honoroit_container_image_force_pull: "{{ matrix_bot_honoroit_container_image.endswith(':latest') }}"

 matrix_bot_honoroit_base_path: "{{ matrix_base_data_path }}/honoroit"
 matrix_bot_honoroit_config_path: "{{ matrix_bot_honoroit_base_path }}/config"
--- a/roles/custom/matrix-bot-honoroit/tasks/setup_install.yml
+++ b/roles/custom/matrix-bot-honoroit/tasks/setup_install.yml
@@ -40,14 +40,14 @@
  ansible.builtin.file:
    path: "{{ item.path }}"
    state: directory
-    mode: 0750
+    mode: '0750'
    owner: "{{ matrix_user_name }}"
    group: "{{ matrix_group_name }}"
  with_items:
    - {path: "{{ matrix_bot_honoroit_config_path }}", when: true}
    - {path: "{{ matrix_bot_honoroit_data_path }}", when: true}
    - {path: "{{ matrix_bot_honoroit_data_store_path }}", when: true}
-    - {path: "{{ matrix_bot_honoroit_docker_src_files_path }}", when: true}
+    - {path: "{{ matrix_bot_honoroit_container_src_files_path }}", when: true}
  when: "item.when | bool"

 - name: Ensure Honoroit support files installed
@@ -56,7 +56,7 @@
    dest: "{{ matrix_bot_honoroit_config_path }}/{{ item }}"
    owner: "{{ matrix_user_name }}"
    group: "{{ matrix_group_name }}"
-    mode: 0640
+    mode: '0640'
  with_items:
    - env
    - labels
@@ -64,10 +64,10 @@

 - name: Ensure Honoroit image is pulled
  community.docker.docker_image:
-    name: "{{ matrix_bot_honoroit_docker_image }}"
+    name: "{{ matrix_bot_honoroit_container_image }}"
    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
-    force_source: "{{ matrix_bot_honoroit_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
-    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_honoroit_docker_image_force_pull }}"
+    force_source: "{{ matrix_bot_honoroit_container_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_honoroit_container_image_force_pull }}"
  when: "not matrix_bot_honoroit_container_image_self_build | bool"
  register: matrix_bot_honoroit_container_image_pull_result
  retries: "{{ devture_playbook_help_container_retries_count }}"
@@ -76,9 +76,9 @@

 - name: Ensure Honoroit repository is present on self-build
  ansible.builtin.git:
-    repo: "{{ matrix_bot_honoroit_docker_repo }}"
-    version: "{{ matrix_bot_honoroit_docker_repo_version }}"
-    dest: "{{ matrix_bot_honoroit_docker_src_files_path }}"
+    repo: "{{ matrix_bot_honoroit_container_repo }}"
+    version: "{{ matrix_bot_honoroit_container_repo_version }}"
+    dest: "{{ matrix_bot_honoroit_container_src_files_path }}"
    force: "yes"
  become: true
  become_user: "{{ matrix_user_name }}"
@@ -87,13 +87,13 @@

 - name: Ensure Honoroit image is built
  community.docker.docker_image:
-    name: "{{ matrix_bot_honoroit_docker_image }}"
+    name: "{{ matrix_bot_honoroit_container_image }}"
    source: build
    force_source: "{{ matrix_bot_honoroit_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_honoroit_container_image_self_build.changed }}"
    build:
      dockerfile: Dockerfile
-      path: "{{ matrix_bot_honoroit_docker_src_files_path }}"
+      path: "{{ matrix_bot_honoroit_container_src_files_path }}"
      pull: true
  when: "matrix_bot_honoroit_container_image_self_build | bool"

@@ -108,7 +108,7 @@
  ansible.builtin.template:
    src: "{{ role_path }}/templates/systemd/matrix-bot-honoroit.service.j2"
    dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-honoroit.service"
-    mode: 0644
+    mode: '0644'
  register: matrix_bot_honoroit_systemd_service_result

 - name: Determine whether Honoroit needs a restart
--- a/roles/custom/matrix-bot-honoroit/tasks/validate_config.yml
+++ b/roles/custom/matrix-bot-honoroit/tasks/validate_config.yml
@@ -6,6 +6,23 @@

 ---

+- name: (Deprecation) Catch and report renamed Honoroit settings
+  ansible.builtin.fail:
+    msg: >-
+      Your configuration contains a variable, which now has a different name.
+      Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
+  when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0"
+  with_items:
+    - {'old': 'matrix_bot_honoroit_container_image_name_prefix', 'new': 'matrix_bot_honoroit_container_image_registry_prefix'}
+    - {'old': 'matrix_bot_honoroit_docker_image', 'new': 'matrix_bot_honoroit_container_image'}
+    - {'old': 'matrix_bot_honoroit_docker_image_force_pull', 'new': 'matrix_bot_honoroit_container_image_force_pull'}
+    - {'old': 'matrix_bot_honoroit_docker_image_registry_prefix', 'new': 'matrix_bot_honoroit_container_image_registry_prefix'}
+    - {'old': 'matrix_bot_honoroit_docker_image_registry_prefix_upstream', 'new': 'matrix_bot_honoroit_container_image_registry_prefix_upstream'}
+    - {'old': 'matrix_bot_honoroit_docker_image_registry_prefix_upstream_default', 'new': 'matrix_bot_honoroit_container_image_registry_prefix_upstream_default'}
+    - {'old': 'matrix_bot_honoroit_docker_repo', 'new': 'matrix_bot_honoroit_container_repo'}
+    - {'old': 'matrix_bot_honoroit_docker_repo_version', 'new': 'matrix_bot_honoroit_container_repo_version'}
+    - {'old': 'matrix_bot_honoroit_docker_src_files_path', 'new': 'matrix_bot_honoroit_container_src_files_path'}
+
 - name: Fail if required Honoroit settings not defined
  ansible.builtin.fail:
    msg: >-
@@ -16,12 +33,3 @@
    - {'name': 'matrix_bot_honoroit_password', when: true}
    - {'name': 'matrix_bot_honoroit_roomid', when: true}
    - {'name': 'matrix_bot_honoroit_database_hostname', when: "{{ matrix_bot_honoroit_database_engine == 'postgres' }}"}
-
- name: (Deprecation) Catch and report renamed Honoroit settings
-  ansible.builtin.fail:
-    msg: >-
-      Your configuration contains a variable, which now has a different name.
-      Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
-  when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0"
-  with_items:
-    - {'old': 'matrix_bot_honoroit_container_image_name_prefix', 'new': 'matrix_bot_honoroit_container_image_registry_prefix'}
--- a/roles/custom/matrix-bot-honoroit/templates/systemd/matrix-bot-honoroit.service.j2
+++ b/roles/custom/matrix-bot-honoroit/templates/systemd/matrix-bot-honoroit.service.j2
@@ -30,7 +30,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
 			{% for arg in matrix_bot_honoroit_container_extra_arguments %}
 			{{ arg }} \
 			{% endfor %}
-			{{ matrix_bot_honoroit_docker_image }}
+			{{ matrix_bot_honoroit_container_image }}

 {% for network in matrix_bot_honoroit_container_additional_networks %}
 ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-bot-honoroit
--- a/roles/custom/matrix-bot-matrix-registration-bot/defaults/main.yml
+++ b/roles/custom/matrix-bot-matrix-registration-bot/defaults/main.yml
@@ -14,19 +14,19 @@

 matrix_bot_matrix_registration_bot_enabled: true
 matrix_bot_matrix_registration_bot_container_image_self_build: false
-matrix_bot_matrix_registration_bot_docker_repo: "https://github.com/moan0s/matrix-registration-bot.git"
-matrix_bot_matrix_registration_bot_docker_repo_version: "{{ 'main' if matrix_bot_matrix_registration_bot_version == 'latest' else ('v' + matrix_bot_matrix_registration_bot_version) }}"
-matrix_bot_matrix_registration_bot_docker_src_files_path: "{{ matrix_bot_matrix_registration_bot_base_path }}/docker-src"
+matrix_bot_matrix_registration_bot_container_repo: "https://github.com/moan0s/matrix-registration-bot.git"
+matrix_bot_matrix_registration_bot_container_repo_version: "{{ 'main' if matrix_bot_matrix_registration_bot_version == 'latest' else ('v' + matrix_bot_matrix_registration_bot_version) }}"
+matrix_bot_matrix_registration_bot_container_src_files_path: "{{ matrix_bot_matrix_registration_bot_base_path }}/docker-src"

 # renovate: datasource=docker depName=moanos/matrix-registration-bot
 matrix_bot_matrix_registration_bot_version: 1.3.0
-matrix_bot_matrix_registration_bot_docker_iteration: 0
-matrix_bot_matrix_registration_bot_docker_tag: "{{ matrix_bot_matrix_registration_bot_version }}-{{ matrix_bot_matrix_registration_bot_docker_iteration }}"
-matrix_bot_matrix_registration_bot_docker_image: "{{ matrix_bot_matrix_registration_bot_docker_image_registry_prefix }}moanos/matrix-registration-bot:{{ matrix_bot_matrix_registration_bot_docker_tag }}"
-matrix_bot_matrix_registration_bot_docker_image_registry_prefix: "{{ 'localhost/' if matrix_bot_matrix_registration_bot_container_image_self_build else matrix_bot_matrix_registration_bot_docker_image_registry_prefix_upstream }}"
-matrix_bot_matrix_registration_bot_docker_image_registry_prefix_upstream: "{{ matrix_bot_matrix_registration_bot_docker_image_registry_prefix_upstream_default }}"
-matrix_bot_matrix_registration_bot_docker_image_registry_prefix_upstream_default: "docker.io/"
-matrix_bot_matrix_registration_bot_docker_image_force_pull: "{{ matrix_bot_matrix_registration_bot_docker_image.endswith(':latest') }}"
+matrix_bot_matrix_registration_bot_container_iteration: 0
+matrix_bot_matrix_registration_bot_container_tag: "{{ matrix_bot_matrix_registration_bot_version }}-{{ matrix_bot_matrix_registration_bot_container_iteration }}"
+matrix_bot_matrix_registration_bot_container_image: "{{ matrix_bot_matrix_registration_bot_container_image_registry_prefix }}moanos/matrix-registration-bot:{{ matrix_bot_matrix_registration_bot_container_tag }}"
+matrix_bot_matrix_registration_bot_container_image_registry_prefix: "{{ 'localhost/' if matrix_bot_matrix_registration_bot_container_image_self_build else matrix_bot_matrix_registration_bot_container_image_registry_prefix_upstream }}"
+matrix_bot_matrix_registration_bot_container_image_registry_prefix_upstream: "{{ matrix_bot_matrix_registration_bot_container_image_registry_prefix_upstream_default }}"
+matrix_bot_matrix_registration_bot_container_image_registry_prefix_upstream_default: "docker.io/"
+matrix_bot_matrix_registration_bot_container_image_force_pull: "{{ matrix_bot_matrix_registration_bot_container_image.endswith(':latest') }}"

 matrix_bot_matrix_registration_bot_base_path: "{{ matrix_base_data_path }}/matrix-registration-bot"
 matrix_bot_matrix_registration_bot_config_path: "{{ matrix_bot_matrix_registration_bot_base_path }}/config"
--- a/roles/custom/matrix-bot-matrix-registration-bot/tasks/clean_cache.yml
+++ b/roles/custom/matrix-bot-matrix-registration-bot/tasks/clean_cache.yml
@@ -8,7 +8,7 @@
  ansible.builtin.file:
    state: "{{ item }}"
    path: "{{ matrix_bot_matrix_registration_bot_data_path }}"
-    mode: 0750
+    mode: '0750'
    owner: "{{ matrix_user_name }}"
    group: "{{ matrix_group_name }}"
  with_items:
--- a/roles/custom/matrix-bot-matrix-registration-bot/tasks/setup_install.yml
+++ b/roles/custom/matrix-bot-matrix-registration-bot/tasks/setup_install.yml
@@ -12,13 +12,13 @@
  ansible.builtin.file:
    path: "{{ item.path }}"
    state: directory
-    mode: 0750
+    mode: '0750'
    owner: "{{ matrix_user_name }}"
    group: "{{ matrix_group_name }}"
  with_items:
    - {path: "{{ matrix_bot_matrix_registration_bot_config_path }}", when: true}
    - {path: "{{ matrix_bot_matrix_registration_bot_data_path }}", when: true}
-    - {path: "{{ matrix_bot_matrix_registration_bot_docker_src_files_path }}", when: "{{ matrix_bot_matrix_registration_bot_container_image_self_build }}"}
+    - {path: "{{ matrix_bot_matrix_registration_bot_container_src_files_path }}", when: "{{ matrix_bot_matrix_registration_bot_container_image_self_build }}"}
  when: "item.when | bool"

 - name: Ensure matrix-registration-bot configuration file created
@@ -27,15 +27,15 @@
    dest: "{{ matrix_bot_matrix_registration_bot_config_path }}/config.yaml"
    owner: "{{ matrix_user_name }}"
    group: "{{ matrix_group_name }}"
-    mode: 0640
+    mode: '0640'
  register: matrix_bot_matrix_registration_bot_config_result

 - name: Ensure matrix-registration-bot image is pulled
  community.docker.docker_image:
-    name: "{{ matrix_bot_matrix_registration_bot_docker_image }}"
+    name: "{{ matrix_bot_matrix_registration_bot_container_image }}"
    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
-    force_source: "{{ matrix_bot_matrix_registration_bot_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
-    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_matrix_registration_bot_docker_image_force_pull }}"
+    force_source: "{{ matrix_bot_matrix_registration_bot_container_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_matrix_registration_bot_container_image_force_pull }}"
  when: "not matrix_bot_matrix_registration_bot_container_image_self_build | bool"
  register: matrix_bot_matrix_registration_bot_container_image_pull_result
  retries: "{{ devture_playbook_help_container_retries_count }}"
@@ -46,9 +46,9 @@
  block:
    - name: Ensure matrix-registration-bot repository is present on self-build
      ansible.builtin.git:
-        repo: "{{ matrix_bot_matrix_registration_bot_docker_repo }}"
-        version: "{{ matrix_bot_matrix_registration_bot_docker_repo_version }}"
-        dest: "{{ matrix_bot_matrix_registration_bot_docker_src_files_path }}"
+        repo: "{{ matrix_bot_matrix_registration_bot_container_repo }}"
+        version: "{{ matrix_bot_matrix_registration_bot_container_repo_version }}"
+        dest: "{{ matrix_bot_matrix_registration_bot_container_src_files_path }}"
        force: "yes"
      become: true
      become_user: "{{ matrix_user_name }}"
@@ -56,13 +56,13 @@

    - name: Ensure matrix-registration-bot image is built
      community.docker.docker_image:
-        name: "{{ matrix_bot_matrix_registration_bot_docker_image }}"
+        name: "{{ matrix_bot_matrix_registration_bot_container_image }}"
        source: build
        force_source: "{{ matrix_bot_matrix_registration_bot_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
        force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_matrix_registration_bot_git_pull_results.changed }}"
        build:
          dockerfile: Dockerfile
-          path: "{{ matrix_bot_matrix_registration_bot_docker_src_files_path }}"
+          path: "{{ matrix_bot_matrix_registration_bot_container_src_files_path }}"
          pull: true

 - name: Ensure matrix-registration-bot container network is created
@@ -76,7 +76,7 @@
  ansible.builtin.template:
    src: "{{ role_path }}/templates/systemd/matrix-bot-matrix-registration-bot.service.j2"
    dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-matrix-registration-bot.service"
-    mode: 0644
+    mode: '0644'
  register: matrix_bot_matrix_registration_bot_systemd_service_result

 - name: Determine whether matrix-registration-bot needs a restart
--- a/roles/custom/matrix-bot-matrix-registration-bot/tasks/validate_config.yml
+++ b/roles/custom/matrix-bot-matrix-registration-bot/tasks/validate_config.yml
@@ -6,15 +6,6 @@

 ---

- name: Fail if required settings not defined
-  ansible.builtin.fail:
-    msg: >-
-      You need to define a required configuration setting (`{{ item }}`).
-  when: "lookup('vars', item, default='') == ''"
-  with_items:
-    - "matrix_bot_matrix_registration_bot_bot_password"
-    - "matrix_bot_matrix_registration_bot_api_base_url"
-
 - name: (Deprecation) Catch and report renamed settings
  ansible.builtin.fail:
    msg: >-
@@ -24,3 +15,22 @@
  with_items:
    - {'old': 'matrix_bot_matrix_registration_bot_bot_access_token', 'new': '<removed>'}
    - {'old': 'matrix_bot_matrix_registration_bot_matrix_homeserver_url', 'new': 'matrix_bot_matrix_registration_bot_api_base_url'}
+    - {'old': 'matrix_bot_matrix_registration_bot_docker_image', 'new': 'matrix_bot_matrix_registration_bot_container_image'}
+    - {'old': 'matrix_bot_matrix_registration_bot_docker_image_force_pull', 'new': 'matrix_bot_matrix_registration_bot_container_image_force_pull'}
+    - {'old': 'matrix_bot_matrix_registration_bot_docker_image_registry_prefix', 'new': 'matrix_bot_matrix_registration_bot_container_image_registry_prefix'}
+    - {'old': 'matrix_bot_matrix_registration_bot_docker_image_registry_prefix_upstream', 'new': 'matrix_bot_matrix_registration_bot_container_image_registry_prefix_upstream'}
+    - {'old': 'matrix_bot_matrix_registration_bot_docker_image_registry_prefix_upstream_default', 'new': 'matrix_bot_matrix_registration_bot_container_image_registry_prefix_upstream_default'}
+    - {'old': 'matrix_bot_matrix_registration_bot_docker_iteration', 'new': 'matrix_bot_matrix_registration_bot_container_iteration'}
+    - {'old': 'matrix_bot_matrix_registration_bot_docker_repo', 'new': 'matrix_bot_matrix_registration_bot_container_repo'}
+    - {'old': 'matrix_bot_matrix_registration_bot_docker_repo_version', 'new': 'matrix_bot_matrix_registration_bot_container_repo_version'}
+    - {'old': 'matrix_bot_matrix_registration_bot_docker_src_files_path', 'new': 'matrix_bot_matrix_registration_bot_container_src_files_path'}
+    - {'old': 'matrix_bot_matrix_registration_bot_docker_tag', 'new': 'matrix_bot_matrix_registration_bot_container_tag'}
+
+- name: Fail if required settings not defined
+  ansible.builtin.fail:
+    msg: >-
+      You need to define a required configuration setting (`{{ item }}`).
+  when: "lookup('vars', item, default='') == ''"
+  with_items:
+    - "matrix_bot_matrix_registration_bot_bot_password"
+    - "matrix_bot_matrix_registration_bot_api_base_url"
--- a/roles/custom/matrix-bot-matrix-registration-bot/templates/systemd/matrix-bot-matrix-registration-bot.service.j2
+++ b/roles/custom/matrix-bot-matrix-registration-bot/templates/systemd/matrix-bot-matrix-registration-bot.service.j2
@@ -27,7 +27,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
 			--mount type=bind,src={{ matrix_bot_matrix_registration_bot_config_path }},dst=/config,ro \
 			--mount type=bind,src={{ matrix_bot_matrix_registration_bot_data_path }},dst=/data \
 			--network={{ matrix_bot_matrix_registration_bot_container_network }} \
-			{{ matrix_bot_matrix_registration_bot_docker_image }}
+			{{ matrix_bot_matrix_registration_bot_container_image }}

 {% for network in matrix_bot_matrix_registration_bot_container_additional_networks %}
 ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-bot-matrix-registration-bot
--- a/roles/custom/matrix-bot-matrix-reminder-bot/defaults/main.yml
+++ b/roles/custom/matrix-bot-matrix-reminder-bot/defaults/main.yml
@@ -15,17 +15,17 @@
 matrix_bot_matrix_reminder_bot_enabled: true

 matrix_bot_matrix_reminder_bot_container_image_self_build: false
-matrix_bot_matrix_reminder_bot_docker_repo: "https://github.com/anoadragon453/matrix-reminder-bot.git"
-matrix_bot_matrix_reminder_bot_docker_repo_version: "{{ 'master' if matrix_bot_matrix_reminder_bot_version == 'latest' else matrix_bot_matrix_reminder_bot_version }}"
-matrix_bot_matrix_reminder_bot_docker_src_files_path: "{{ matrix_base_data_path }}/matrix-reminder-bot/docker-src"
+matrix_bot_matrix_reminder_bot_container_repo: "https://github.com/anoadragon453/matrix-reminder-bot.git"
+matrix_bot_matrix_reminder_bot_container_repo_version: "{{ 'master' if matrix_bot_matrix_reminder_bot_version == 'latest' else matrix_bot_matrix_reminder_bot_version }}"
+matrix_bot_matrix_reminder_bot_container_src_files_path: "{{ matrix_base_data_path }}/matrix-reminder-bot/docker-src"

 # renovate: datasource=docker depName=ghcr.io/anoadragon453/matrix-reminder-bot
 matrix_bot_matrix_reminder_bot_version: v0.4.0
-matrix_bot_matrix_reminder_bot_docker_image: "{{ matrix_bot_matrix_reminder_bot_docker_image_registry_prefix }}anoadragon453/matrix-reminder-bot:{{ matrix_bot_matrix_reminder_bot_version }}"
-matrix_bot_matrix_reminder_bot_docker_image_registry_prefix: "{{ 'localhost/' if matrix_bot_matrix_reminder_bot_container_image_self_build else matrix_bot_matrix_reminder_bot_docker_image_registry_prefix_upstream }}"
-matrix_bot_matrix_reminder_bot_docker_image_registry_prefix_upstream: "{{ matrix_bot_matrix_reminder_bot_docker_image_registry_prefix_upstream_default }}"
-matrix_bot_matrix_reminder_bot_docker_image_registry_prefix_upstream_default: "ghcr.io/"
-matrix_bot_matrix_reminder_bot_docker_image_force_pull: "{{ matrix_bot_matrix_reminder_bot_docker_image.endswith(':latest') }}"
+matrix_bot_matrix_reminder_bot_container_image: "{{ matrix_bot_matrix_reminder_bot_container_image_registry_prefix }}anoadragon453/matrix-reminder-bot:{{ matrix_bot_matrix_reminder_bot_version }}"
+matrix_bot_matrix_reminder_bot_container_image_registry_prefix: "{{ 'localhost/' if matrix_bot_matrix_reminder_bot_container_image_self_build else matrix_bot_matrix_reminder_bot_container_image_registry_prefix_upstream }}"
+matrix_bot_matrix_reminder_bot_container_image_registry_prefix_upstream: "{{ matrix_bot_matrix_reminder_bot_container_image_registry_prefix_upstream_default }}"
+matrix_bot_matrix_reminder_bot_container_image_registry_prefix_upstream_default: "ghcr.io/"
+matrix_bot_matrix_reminder_bot_container_image_force_pull: "{{ matrix_bot_matrix_reminder_bot_container_image.endswith(':latest') }}"

 matrix_bot_matrix_reminder_bot_base_path: "{{ matrix_base_data_path }}/matrix-reminder-bot"
 matrix_bot_matrix_reminder_bot_config_path: "{{ matrix_bot_matrix_reminder_bot_base_path }}/config"
--- a/roles/custom/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml
+++ b/roles/custom/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml
@@ -42,22 +42,22 @@
  ansible.builtin.file:
    path: "{{ item.path }}"
    state: directory
-    mode: 0750
+    mode: '0750'
    owner: "{{ matrix_user_name }}"
    group: "{{ matrix_group_name }}"
  with_items:
    - {path: "{{ matrix_bot_matrix_reminder_bot_config_path }}", when: true}
    - {path: "{{ matrix_bot_matrix_reminder_bot_data_path }}", when: true}
    - {path: "{{ matrix_bot_matrix_reminder_bot_data_store_path }}", when: true}
-    - {path: "{{ matrix_bot_matrix_reminder_bot_docker_src_files_path }}", when: true}
+    - {path: "{{ matrix_bot_matrix_reminder_bot_container_src_files_path }}", when: true}
  when: "item.when | bool"

 - name: Ensure matrix-reminder-bot image is pulled
  community.docker.docker_image:
-    name: "{{ matrix_bot_matrix_reminder_bot_docker_image }}"
+    name: "{{ matrix_bot_matrix_reminder_bot_container_image }}"
    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
-    force_source: "{{ matrix_bot_matrix_reminder_bot_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
-    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_matrix_reminder_bot_docker_image_force_pull }}"
+    force_source: "{{ matrix_bot_matrix_reminder_bot_container_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_matrix_reminder_bot_container_image_force_pull }}"
  when: "not matrix_bot_matrix_reminder_bot_container_image_self_build | bool"
  register: matrix_bot_matrix_reminder_bot_container_image_pull_result
  retries: "{{ devture_playbook_help_container_retries_count }}"
@@ -66,9 +66,9 @@

 - name: Ensure matrix-reminder-bot repository is present on self-build
  ansible.builtin.git:
-    repo: "{{ matrix_bot_matrix_reminder_bot_docker_repo }}"
-    version: "{{ matrix_bot_matrix_reminder_bot_docker_repo_version }}"
-    dest: "{{ matrix_bot_matrix_reminder_bot_docker_src_files_path }}"
+    repo: "{{ matrix_bot_matrix_reminder_bot_container_repo }}"
+    version: "{{ matrix_bot_matrix_reminder_bot_container_repo_version }}"
+    dest: "{{ matrix_bot_matrix_reminder_bot_container_src_files_path }}"
    force: "yes"
  become: true
  become_user: "{{ matrix_user_name }}"
@@ -77,13 +77,13 @@

 - name: Ensure matrix-reminder-bot image is built
  community.docker.docker_image:
-    name: "{{ matrix_bot_matrix_reminder_bot_docker_image }}"
+    name: "{{ matrix_bot_matrix_reminder_bot_container_image }}"
    source: build
    force_source: "{{ matrix_bot_matrix_reminder_bot_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_matrix_reminder_bot_git_pull_results.changed }}"
    build:
      dockerfile: docker/Dockerfile
-      path: "{{ matrix_bot_matrix_reminder_bot_docker_src_files_path }}"
+      path: "{{ matrix_bot_matrix_reminder_bot_container_src_files_path }}"
      pull: true
  when: "matrix_bot_matrix_reminder_bot_container_image_self_build | bool"

@@ -91,7 +91,7 @@
  ansible.builtin.copy:
    content: "{{ matrix_bot_matrix_reminder_bot_configuration | to_nice_yaml(indent=2, width=999999) }}"
    dest: "{{ matrix_bot_matrix_reminder_bot_config_path }}/config.yaml"
-    mode: 0644
+    mode: '0644'
    owner: "{{ matrix_user_name }}"
    group: "{{ matrix_group_name }}"
  register: matrix_bot_matrix_reminder_bot_config_result
@@ -107,7 +107,7 @@
  ansible.builtin.template:
    src: "{{ role_path }}/templates/systemd/matrix-bot-matrix-reminder-bot.service.j2"
    dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-matrix-reminder-bot.service"
-    mode: 0644
+    mode: '0644'
  register: matrix_bot_matrix_reminder_bot_systemd_service_result

 - name: Determine whether matrix-reminder-bot needs a restart
--- a/roles/custom/matrix-bot-matrix-reminder-bot/tasks/validate_config.yml
+++ b/roles/custom/matrix-bot-matrix-reminder-bot/tasks/validate_config.yml
@@ -6,6 +6,24 @@

 ---

+- name: (Deprecation) Catch and report renamed matrix-reminder-bot settings
+  ansible.builtin.fail:
+    msg: >-
+      Your configuration contains a variable, which now has a different name.
+      Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
+  when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0"
+  with_items:
+    - {'old': 'matrix_bot_matrix_reminder_bot_container_self_build', 'new': 'matrix_bot_matrix_reminder_bot_container_image_self_build'}
+    - {'old': 'matrix_bot_matrix_reminder_bot_container_image_name_prefix', 'new': 'matrix_bot_matrix_reminder_bot_container_image_registry_prefix'}
+    - {'old': 'matrix_bot_matrix_reminder_bot_docker_image', 'new': 'matrix_bot_matrix_reminder_bot_container_image'}
+    - {'old': 'matrix_bot_matrix_reminder_bot_docker_image_force_pull', 'new': 'matrix_bot_matrix_reminder_bot_container_image_force_pull'}
+    - {'old': 'matrix_bot_matrix_reminder_bot_docker_image_registry_prefix', 'new': 'matrix_bot_matrix_reminder_bot_container_image_registry_prefix'}
+    - {'old': 'matrix_bot_matrix_reminder_bot_docker_image_registry_prefix_upstream', 'new': 'matrix_bot_matrix_reminder_bot_container_image_registry_prefix_upstream'}
+    - {'old': 'matrix_bot_matrix_reminder_bot_docker_image_registry_prefix_upstream_default', 'new': 'matrix_bot_matrix_reminder_bot_container_image_registry_prefix_upstream_default'}
+    - {'old': 'matrix_bot_matrix_reminder_bot_docker_repo', 'new': 'matrix_bot_matrix_reminder_bot_container_repo'}
+    - {'old': 'matrix_bot_matrix_reminder_bot_docker_repo_version', 'new': 'matrix_bot_matrix_reminder_bot_container_repo_version'}
+    - {'old': 'matrix_bot_matrix_reminder_bot_docker_src_files_path', 'new': 'matrix_bot_matrix_reminder_bot_container_src_files_path'}
+
 - name: Fail if required matrix-reminder-bot settings not defined
  ansible.builtin.fail:
    msg: >-
@@ -17,13 +35,3 @@
    - {'name': 'matrix_bot_matrix_reminder_bot_container_network', when: true}
    - {'name': 'matrix_bot_matrix_reminder_bot_matrix_homeserver_url', when: true}
    - {'name': 'matrix_bot_matrix_reminder_bot_database_hostname', when: "{{ matrix_bot_matrix_reminder_bot_database_engine == 'postgres' }}"}
-
- name: (Deprecation) Catch and report renamed matrix-reminder-bot settings
-  ansible.builtin.fail:
-    msg: >-
-      Your configuration contains a variable, which now has a different name.
-      Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
-  when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0"
-  with_items:
-    - {'old': 'matrix_bot_matrix_reminder_bot_container_self_build', 'new': 'matrix_bot_matrix_reminder_bot_container_image_self_build'}
-    - {'old': 'matrix_bot_matrix_reminder_bot_container_image_name_prefix', 'new': 'matrix_bot_matrix_reminder_bot_container_image_registry_prefix'}
--- a/roles/custom/matrix-bot-matrix-reminder-bot/templates/systemd/matrix-bot-matrix-reminder-bot.service.j2
+++ b/roles/custom/matrix-bot-matrix-reminder-bot/templates/systemd/matrix-bot-matrix-reminder-bot.service.j2
@@ -31,7 +31,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
 			{% for arg in matrix_bot_matrix_reminder_bot_container_extra_arguments %}
 			{{ arg }} \
 			{% endfor %}
-			{{ matrix_bot_matrix_reminder_bot_docker_image }} \
+			{{ matrix_bot_matrix_reminder_bot_container_image }} \
 			-c "matrix-reminder-bot /config/config.yaml"

 {% for network in matrix_bot_matrix_reminder_bot_container_additional_networks %}
--- a/roles/custom/matrix-bot-maubot/defaults/main.yml
+++ b/roles/custom/matrix-bot-maubot/defaults/main.yml
@@ -26,37 +26,37 @@ matrix_bot_maubot_hostname: ''
 matrix_bot_maubot_path_prefix: /_matrix/maubot

 matrix_bot_maubot_container_image_self_build: false
-matrix_bot_maubot_docker_repo: "https://mau.dev/maubot/maubot.git"
-matrix_bot_maubot_docker_repo_version: "{{ 'master' if matrix_bot_maubot_version == 'latest' else matrix_bot_maubot_version }}"
+matrix_bot_maubot_container_repo: "https://mau.dev/maubot/maubot.git"
+matrix_bot_maubot_container_repo_version: "{{ 'master' if matrix_bot_maubot_version == 'latest' else matrix_bot_maubot_version }}"

 # renovate: datasource=docker depName=dock.mau.dev/maubot/maubot
 matrix_bot_maubot_version: v0.6.0
-matrix_bot_maubot_docker_image: "{{ matrix_bot_maubot_docker_image_registry_prefix }}maubot/maubot:{{ matrix_bot_maubot_version }}"
-matrix_bot_maubot_docker_image_registry_prefix: "{{ 'localhost/' if matrix_bot_maubot_container_image_self_build else matrix_bot_maubot_docker_image_registry_prefix_upstream }}"
-matrix_bot_maubot_docker_image_registry_prefix_upstream: "{{ matrix_bot_maubot_docker_image_registry_prefix_upstream_default }}"
-matrix_bot_maubot_docker_image_registry_prefix_upstream_default: "dock.mau.dev/"
-matrix_bot_maubot_docker_image_force_pull: "{{ matrix_bot_maubot_docker_image.endswith(':latest') }}"
+matrix_bot_maubot_container_image: "{{ matrix_bot_maubot_container_image_registry_prefix }}maubot/maubot:{{ matrix_bot_maubot_version }}"
+matrix_bot_maubot_container_image_registry_prefix: "{{ 'localhost/' if matrix_bot_maubot_container_image_self_build else matrix_bot_maubot_container_image_registry_prefix_upstream }}"
+matrix_bot_maubot_container_image_registry_prefix_upstream: "{{ matrix_bot_maubot_container_image_registry_prefix_upstream_default }}"
+matrix_bot_maubot_container_image_registry_prefix_upstream_default: "dock.mau.dev/"
+matrix_bot_maubot_container_image_force_pull: "{{ matrix_bot_maubot_container_image.endswith(':latest') }}"

-# matrix_bot_maubot_docker_image_customized is the name of the locally built maubot image
+# matrix_bot_maubot_container_image_customized is the name of the locally built maubot image
 # which adds various customizations on top of the original (upstream) maubot image.
-# This image will be based on the upstream `matrix_bot_maubot_docker_image` image, only if `matrix_bot_maubot_container_image_customizations_enabled: true`.
-matrix_bot_maubot_docker_image_customized: "localhost/maubot/maubot:{{ matrix_bot_maubot_version }}-customized"
+# This image will be based on the upstream `matrix_bot_maubot_container_image` image, only if `matrix_bot_maubot_container_image_customizations_enabled: true`.
+matrix_bot_maubot_container_image_customized: "localhost/maubot/maubot:{{ matrix_bot_maubot_version }}-customized"

-# Controls whether the customized image (`matrix_bot_maubot_docker_image_customized`) is to be force-built without layer caching enabled.
-matrix_bot_maubot_docker_image_customized_build_nocache: false
+# Controls whether the customized image (`matrix_bot_maubot_container_image_customized`) is to be force-built without layer caching enabled.
+matrix_bot_maubot_container_image_customized_build_nocache: false

-# Controls whether the customized image (`matrix_bot_maubot_docker_image_customized`) is to be built, even if it already exists.
-# Related to: matrix_bot_maubot_docker_image_customized_build_nocache
-matrix_bot_maubot_docker_image_customized_force_source: "{{ matrix_bot_maubot_docker_image_customized_build_nocache }}"
+# Controls whether the customized image (`matrix_bot_maubot_container_image_customized`) is to be built, even if it already exists.
+# Related to: matrix_bot_maubot_container_image_customized_build_nocache
+matrix_bot_maubot_container_image_customized_force_source: "{{ matrix_bot_maubot_container_image_customized_build_nocache }}"

-# matrix_bot_maubot_docker_image_final holds the name of the maubot image to run depending on whether or not customizations are enabled.
-matrix_bot_maubot_docker_image_final: "{{ matrix_bot_maubot_docker_image_customized if matrix_bot_maubot_container_image_customizations_enabled else matrix_bot_maubot_docker_image }} "
+# matrix_bot_maubot_container_image_final holds the name of the maubot image to run depending on whether or not customizations are enabled.
+matrix_bot_maubot_container_image_final: "{{ matrix_bot_maubot_container_image_customized if matrix_bot_maubot_container_image_customizations_enabled else matrix_bot_maubot_container_image }} "

 matrix_bot_maubot_base_path: "{{ matrix_base_data_path }}/maubot"
 matrix_bot_maubot_data_path: "{{ matrix_bot_maubot_base_path }}/data"
 matrix_bot_maubot_config_path: "{{ matrix_bot_maubot_base_path }}/config"
-matrix_bot_maubot_docker_src_files_path: "{{ matrix_bot_maubot_base_path }}/docker-src"
-matrix_bot_maubot_customized_docker_src_files_path: "{{ matrix_bot_maubot_base_path }}/customized-docker-src"
+matrix_bot_maubot_container_src_files_path: "{{ matrix_bot_maubot_base_path }}/docker-src"
+matrix_bot_maubot_customized_container_src_files_path: "{{ matrix_bot_maubot_base_path }}/customized-docker-src"

 matrix_bot_maubot_bot_server_public_url: "{{ matrix_bot_maubot_scheme }}://{{ matrix_bot_maubot_hostname }}"
 matrix_bot_maubot_bot_server_base_path: "{{ matrix_bot_maubot_path_prefix }}/v1"
@@ -124,12 +124,12 @@ matrix_bot_maubot_container_additional_networks_custom: []
 # See:
 # - `roles/custom/matrix-bot-maubot/templates/maubot/customizations/Dockerfile.j2`
 # - `matrix_bot_maubot_container_image_customizations_dockerfile_body_custom`
-# - `matrix_bot_maubot_docker_image_customized`
-# - `matrix_bot_maubot_docker_image_final`
+# - `matrix_bot_maubot_container_image_customized`
+# - `matrix_bot_maubot_container_image_final`
 matrix_bot_maubot_container_image_customizations_enabled: false

 # matrix_bot_maubot_container_image_customizations_dockerfile_body contains your custom Dockerfile steps
-# for building your customized maubot image based on the original (upstream) image (`matrix_bot_maubot_docker_image`).
+# for building your customized maubot image based on the original (upstream) image (`matrix_bot_maubot_container_image`).
 # A `FROM …` clause is included automatically so you don't have to.
 #
 # For this to take effect, you need to enable customizations (`matrix_bot_maubot_container_image_customizations_enabled: true`).
--- a/roles/custom/matrix-bot-maubot/tasks/setup_install.yml
+++ b/roles/custom/matrix-bot-maubot/tasks/setup_install.yml
@@ -13,7 +13,7 @@
  ansible.builtin.file:
    path: "{{ item.path }}"
    state: directory
-    mode: 0755
+    mode: '0755'
    owner: "{{ matrix_user_name }}"
    group: "{{ matrix_group_name }}"
  with_items:
@@ -23,8 +23,8 @@
    - {path: "{{ matrix_bot_maubot_data_path }}/plugins", when: true}
    - {path: "{{ matrix_bot_maubot_data_path }}/dbs", when: true}
    - {path: "{{ matrix_bot_maubot_data_path }}/trash", when: true}
-    - {path: "{{ matrix_bot_maubot_docker_src_files_path }}", when: "{{ matrix_bot_maubot_container_image_self_build }}"}
-    - {path: "{{ matrix_bot_maubot_customized_docker_src_files_path }}", when: "{{ matrix_bot_maubot_container_image_customizations_enabled }}"}
+    - {path: "{{ matrix_bot_maubot_container_src_files_path }}", when: "{{ matrix_bot_maubot_container_image_self_build }}"}
+    - {path: "{{ matrix_bot_maubot_customized_container_src_files_path }}", when: "{{ matrix_bot_maubot_container_image_customizations_enabled }}"}
  when: "item.when|bool"

 - name: Ensure maubot configuration file created
@@ -38,10 +38,10 @@

 - name: Ensure maubot image is pulled
  community.docker.docker_image:
-    name: "{{ matrix_bot_maubot_docker_image }}"
+    name: "{{ matrix_bot_maubot_container_image }}"
    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
-    force_source: "{{ matrix_bot_maubot_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
-    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_maubot_docker_image_force_pull }}"
+    force_source: "{{ matrix_bot_maubot_container_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_maubot_container_image_force_pull }}"
  when: "not matrix_bot_maubot_container_image_self_build|bool"
  register: matrix_bot_maubot_container_image_pull_result
  retries: "{{ devture_playbook_help_container_retries_count }}"
@@ -52,9 +52,9 @@
  block:
    - name: Ensure maubot repository is present on self-build
      ansible.builtin.git:
-        repo: "{{ matrix_bot_maubot_docker_repo }}"
-        version: "{{ matrix_bot_maubot_docker_repo_version }}"
-        dest: "{{ matrix_bot_maubot_docker_src_files_path }}"
+        repo: "{{ matrix_bot_maubot_container_repo }}"
+        version: "{{ matrix_bot_maubot_container_repo_version }}"
+        dest: "{{ matrix_bot_maubot_container_src_files_path }}"
        force: "yes"
      become: true
      become_user: "{{ matrix_user_name }}"
@@ -62,13 +62,13 @@

    - name: Ensure maubot image is built
      community.docker.docker_image:
-        name: "{{ matrix_bot_maubot_docker_image }}"
+        name: "{{ matrix_bot_maubot_container_image }}"
        source: build
        force_source: "{{ matrix_bot_maubot_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
        force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_maubot_git_pull_results.changed }}"
        build:
          dockerfile: Dockerfile
-          path: "{{ matrix_bot_maubot_docker_src_files_path }}"
+          path: "{{ matrix_bot_maubot_container_src_files_path }}"
          pull: true

 - when: "matrix_bot_maubot_container_image_customizations_enabled | bool"
@@ -76,27 +76,27 @@
    - name: Ensure customizations Dockerfile is created
      ansible.builtin.template:
        src: "{{ role_path }}/templates/customizations/Dockerfile.j2"
-        dest: "{{ matrix_bot_maubot_customized_docker_src_files_path }}/Dockerfile"
+        dest: "{{ matrix_bot_maubot_customized_container_src_files_path }}/Dockerfile"
        owner: "{{ matrix_user_name }}"
        group: "{{ matrix_group_name }}"
-        mode: 0640
+        mode: '0640'
      register: matrix_bot_maubot_container_image_customizations_dockerfile_result

    - name: Ensure customized Docker image for maubot is built
      community.docker.docker_image:
-        name: "{{ matrix_bot_maubot_docker_image_customized }}"
+        name: "{{ matrix_bot_maubot_container_image_customized }}"
        source: build
-        force_source: "{{ matrix_bot_maubot_container_image_customizations_dockerfile_result.changed or matrix_bot_maubot_docker_image_customized_force_source }}"
+        force_source: "{{ matrix_bot_maubot_container_image_customizations_dockerfile_result.changed or matrix_bot_maubot_container_image_customized_force_source }}"
        build:
          dockerfile: Dockerfile
-          path: "{{ matrix_bot_maubot_customized_docker_src_files_path }}"
-          nocache: "{{ matrix_bot_maubot_docker_image_customized_build_nocache }}"
+          path: "{{ matrix_bot_maubot_customized_container_src_files_path }}"
+          nocache: "{{ matrix_bot_maubot_container_image_customized_build_nocache }}"

 - name: Ensure maubot support files installed
  ansible.builtin.template:
    src: "{{ role_path }}/templates/{{ item }}.j2"
    dest: "{{ matrix_bot_maubot_base_path }}/{{ item }}"
-    mode: 0640
+    mode: '0640'
    owner: "{{ matrix_user_name }}"
    group: "{{ matrix_group_name }}"
  with_items:
@@ -114,7 +114,7 @@
  ansible.builtin.template:
    src: "{{ role_path }}/templates/systemd/matrix-bot-maubot.service.j2"
    dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-maubot.service"
-    mode: 0644
+    mode: '0644'
  register: matrix_bot_maubot_systemd_service_result

 - name: Determine whether maubot needs a restart
--- a/roles/custom/matrix-bot-maubot/tasks/validate_config.yml
+++ b/roles/custom/matrix-bot-maubot/tasks/validate_config.yml
@@ -18,6 +18,19 @@
    - {'old': 'matrix_bot_maubot_management_interface_http_bind_port', 'new': 'matrix_bot_maubot_container_management_interface_http_bind_port'}
    - {'old': 'matrix_bot_maubot_registration_shared_secret', 'new': 'matrix_bot_maubot_homeserver_secret'}
    - {'old': 'matrix_bot_maubot_container_image_name_prefix', 'new': 'matrix_bot_maubot_container_image_registry_prefix'}
+    - {'old': 'matrix_bot_maubot_docker_image', 'new': 'matrix_bot_maubot_container_image'}
+    - {'old': 'matrix_bot_maubot_docker_image_customized', 'new': 'matrix_bot_maubot_container_image_customized'}
+    - {'old': 'matrix_bot_maubot_docker_image_customized_build_nocache', 'new': 'matrix_bot_maubot_container_image_customized_build_nocache'}
+    - {'old': 'matrix_bot_maubot_docker_image_customized_force_source', 'new': 'matrix_bot_maubot_container_image_customized_force_source'}
+    - {'old': 'matrix_bot_maubot_docker_image_final', 'new': 'matrix_bot_maubot_container_image_final'}
+    - {'old': 'matrix_bot_maubot_docker_image_force_pull', 'new': 'matrix_bot_maubot_container_image_force_pull'}
+    - {'old': 'matrix_bot_maubot_docker_image_registry_prefix', 'new': 'matrix_bot_maubot_container_image_registry_prefix'}
+    - {'old': 'matrix_bot_maubot_docker_image_registry_prefix_upstream', 'new': 'matrix_bot_maubot_container_image_registry_prefix_upstream'}
+    - {'old': 'matrix_bot_maubot_docker_image_registry_prefix_upstream_default', 'new': 'matrix_bot_maubot_container_image_registry_prefix_upstream_default'}
+    - {'old': 'matrix_bot_maubot_docker_repo', 'new': 'matrix_bot_maubot_container_repo'}
+    - {'old': 'matrix_bot_maubot_docker_repo_version', 'new': 'matrix_bot_maubot_container_repo_version'}
+    - {'old': 'matrix_bot_maubot_docker_src_files_path', 'new': 'matrix_bot_maubot_container_src_files_path'}
+    - {'old': 'matrix_bot_maubot_customized_docker_src_files_path', 'new': 'matrix_bot_maubot_customized_container_src_files_path'}

 - name: Fail if required maubot settings not defined
  ansible.builtin.fail:
--- a/roles/custom/matrix-bot-maubot/templates/customizations/Dockerfile.j2
+++ b/roles/custom/matrix-bot-maubot/templates/customizations/Dockerfile.j2
@@ -1,4 +1,4 @@
 #jinja2: lstrip_blocks: True
-FROM {{ matrix_bot_maubot_docker_image }}
+FROM {{ matrix_bot_maubot_container_image }}

 {{ matrix_bot_maubot_container_image_customizations_dockerfile_body_custom }}
--- a/roles/custom/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2
+++ b/roles/custom/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2
@@ -38,7 +38,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
 			{% if matrix_bot_maubot_container_management_interface_http_bind_port %}
 			-p {{ matrix_bot_maubot_container_management_interface_http_bind_port }}:{{ matrix_bot_maubot_server_port }} \
 			{% endif %}
-			{{ matrix_bot_maubot_docker_image_final }} \
+			{{ matrix_bot_maubot_container_image_final }} \
 			python3 -m maubot -c /config/config.yaml --no-update

 {% for network in matrix_bot_maubot_container_additional_networks %}
--- a/roles/custom/matrix-bot-mjolnir/defaults/main.yml
+++ b/roles/custom/matrix-bot-mjolnir/defaults/main.yml
@@ -17,21 +17,21 @@
 matrix_bot_mjolnir_enabled: true

 # renovate: datasource=docker depName=matrixdotorg/mjolnir
-matrix_bot_mjolnir_version: "v1.11.0"
+matrix_bot_mjolnir_version: "v1.12.0"

 matrix_bot_mjolnir_container_image_self_build: false
 matrix_bot_mjolnir_container_image_self_build_repo: "https://github.com/matrix-org/mjolnir.git"

-matrix_bot_mjolnir_docker_image: "{{ matrix_bot_mjolnir_docker_image_registry_prefix }}matrixdotorg/mjolnir:{{ matrix_bot_mjolnir_version }}"
-matrix_bot_mjolnir_docker_image_registry_prefix: "{{ 'localhost/' if matrix_bot_mjolnir_container_image_self_build else matrix_bot_mjolnir_docker_image_registry_prefix_upstream }}"
-matrix_bot_mjolnir_docker_image_registry_prefix_upstream: "{{ matrix_bot_mjolnir_docker_image_registry_prefix_upstream_default }}"
-matrix_bot_mjolnir_docker_image_registry_prefix_upstream_default: "docker.io/"
-matrix_bot_mjolnir_docker_image_force_pull: "{{ matrix_bot_mjolnir_docker_image.endswith(':latest') }}"
+matrix_bot_mjolnir_container_image: "{{ matrix_bot_mjolnir_container_image_registry_prefix }}matrixdotorg/mjolnir:{{ matrix_bot_mjolnir_version }}"
+matrix_bot_mjolnir_container_image_registry_prefix: "{{ 'localhost/' if matrix_bot_mjolnir_container_image_self_build else matrix_bot_mjolnir_container_image_registry_prefix_upstream }}"
+matrix_bot_mjolnir_container_image_registry_prefix_upstream: "{{ matrix_bot_mjolnir_container_image_registry_prefix_upstream_default }}"
+matrix_bot_mjolnir_container_image_registry_prefix_upstream_default: "docker.io/"
+matrix_bot_mjolnir_container_image_force_pull: "{{ matrix_bot_mjolnir_container_image.endswith(':latest') }}"

 matrix_bot_mjolnir_base_path: "{{ matrix_base_data_path }}/mjolnir"
 matrix_bot_mjolnir_config_path: "{{ matrix_bot_mjolnir_base_path }}/config"
 matrix_bot_mjolnir_data_path: "{{ matrix_bot_mjolnir_base_path }}/data"
-matrix_bot_mjolnir_docker_src_files_path: "{{ matrix_bot_mjolnir_base_path }}/docker-src"
+matrix_bot_mjolnir_container_src_files_path: "{{ matrix_bot_mjolnir_base_path }}/docker-src"

 matrix_bot_mjolnir_container_network: ""

--- a/roles/custom/matrix-bot-mjolnir/tasks/setup_install.yml
+++ b/roles/custom/matrix-bot-mjolnir/tasks/setup_install.yml
@@ -17,22 +17,22 @@
  ansible.builtin.file:
    path: "{{ item.path }}"
    state: directory
-    mode: 0750
+    mode: '0750'
    owner: "{{ matrix_user_name }}"
    group: "{{ matrix_group_name }}"
  with_items:
    - {path: "{{ matrix_bot_mjolnir_base_path }}", when: true}
    - {path: "{{ matrix_bot_mjolnir_config_path }}", when: true}
    - {path: "{{ matrix_bot_mjolnir_data_path }}", when: true}
-    - {path: "{{ matrix_bot_mjolnir_docker_src_files_path }}", when: "{{ matrix_bot_mjolnir_container_image_self_build }}"}
+    - {path: "{{ matrix_bot_mjolnir_container_src_files_path }}", when: "{{ matrix_bot_mjolnir_container_image_self_build }}"}
  when: "item.when | bool"

 - name: Ensure mjolnir Docker image is pulled
  community.docker.docker_image:
-    name: "{{ matrix_bot_mjolnir_docker_image }}"
+    name: "{{ matrix_bot_mjolnir_container_image }}"
    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
-    force_source: "{{ matrix_bot_mjolnir_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
-    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_mjolnir_docker_image_force_pull }}"
+    force_source: "{{ matrix_bot_mjolnir_container_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_mjolnir_container_image_force_pull }}"
  when: "not matrix_bot_mjolnir_container_image_self_build | bool"
  register: matrix_bot_mjolnir_container_image_pull_result
  retries: "{{ devture_playbook_help_container_retries_count }}"
@@ -42,8 +42,8 @@
 - name: Ensure mjolnir repository is present on self-build
  ansible.builtin.git:
    repo: "{{ matrix_bot_mjolnir_container_image_self_build_repo }}"
-    dest: "{{ matrix_bot_mjolnir_docker_src_files_path }}"
-    version: "{{ matrix_bot_mjolnir_docker_image.split(':')[1] }}"
+    dest: "{{ matrix_bot_mjolnir_container_src_files_path }}"
+    version: "{{ matrix_bot_mjolnir_container_image.split(':')[1] }}"
    force: "yes"
  become: true
  become_user: "{{ matrix_user_name }}"
@@ -52,12 +52,12 @@

 - name: Ensure mjolnir Docker image is built
  community.docker.docker_image:
-    name: "{{ matrix_bot_mjolnir_docker_image }}"
+    name: "{{ matrix_bot_mjolnir_container_image }}"
    source: build
    force_source: "{{ matrix_bot_mjolnir_git_pull_results.changed }}"
    build:
      dockerfile: Dockerfile
-      path: "{{ matrix_bot_mjolnir_docker_src_files_path }}"
+      path: "{{ matrix_bot_mjolnir_container_src_files_path }}"
      pull: true
  when: "matrix_bot_mjolnir_container_image_self_build | bool"

@@ -65,7 +65,7 @@
  ansible.builtin.copy:
    content: "{{ matrix_bot_mjolnir_configuration | to_nice_yaml(indent=2, width=999999) }}"
    dest: "{{ matrix_bot_mjolnir_config_path }}/production.yaml"
-    mode: 0644
+    mode: '0644'
    owner: "{{ matrix_user_name }}"
    group: "{{ matrix_group_name }}"
  register: matrix_bot_mjolnir_config_result
@@ -81,7 +81,7 @@
  ansible.builtin.template:
    src: "{{ role_path }}/templates/systemd/matrix-bot-mjolnir.service.j2"
    dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-mjolnir.service"
-    mode: 0644
+    mode: '0644'
  register: matrix_bot_mjolnir_systemd_service_result

 - name: Determine whether Mjolnir needs a restart
--- a/roles/custom/matrix-bot-mjolnir/tasks/validate_config.yml
+++ b/roles/custom/matrix-bot-mjolnir/tasks/validate_config.yml
@@ -7,6 +7,21 @@

 ---

+- name: (Deprecation) Catch and report renamed Mjolnir settings
+  ansible.builtin.fail:
+    msg: >-
+      Your configuration contains a variable, which now has a different name.
+      Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
+  when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0"
+  with_items:
+    - {'old': 'matrix_bot_mjolnir_container_image_name_prefix', 'new': 'matrix_bot_mjolnir_container_image_registry_prefix'}
+    - {'old': 'matrix_bot_mjolnir_docker_image', 'new': 'matrix_bot_mjolnir_container_image'}
+    - {'old': 'matrix_bot_mjolnir_docker_image_force_pull', 'new': 'matrix_bot_mjolnir_container_image_force_pull'}
+    - {'old': 'matrix_bot_mjolnir_docker_image_registry_prefix', 'new': 'matrix_bot_mjolnir_container_image_registry_prefix'}
+    - {'old': 'matrix_bot_mjolnir_docker_image_registry_prefix_upstream', 'new': 'matrix_bot_mjolnir_container_image_registry_prefix_upstream'}
+    - {'old': 'matrix_bot_mjolnir_docker_image_registry_prefix_upstream_default', 'new': 'matrix_bot_mjolnir_container_image_registry_prefix_upstream_default'}
+    - {'old': 'matrix_bot_mjolnir_docker_src_files_path', 'new': 'matrix_bot_mjolnir_container_src_files_path'}
+
 - name: Fail if required matrix-bot-mjolnir variables are undefined
  ansible.builtin.fail:
    msg: "The `{{ item.name }}` variable must be defined and have a non-null value."
@@ -26,12 +41,3 @@
  with_items:
    - {'name': 'matrix_bot_mjolnir_access_token', when: "{{ matrix_bot_mjolnir_pantalaimon_use }}"}
  when: "item.when | bool and not (lookup('vars', item.name, default='') == '' or lookup('vars', item.name, default='') is none)"
-
- name: (Deprecation) Catch and report renamed Mjolnir settings
-  ansible.builtin.fail:
-    msg: >-
-      Your configuration contains a variable, which now has a different name.
-      Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
-  when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0"
-  with_items:
-    - {'old': 'matrix_bot_mjolnir_container_image_name_prefix', 'new': 'matrix_bot_mjolnir_container_image_registry_prefix'}
--- a/roles/custom/matrix-bot-mjolnir/templates/systemd/matrix-bot-mjolnir.service.j2
+++ b/roles/custom/matrix-bot-mjolnir/templates/systemd/matrix-bot-mjolnir.service.j2
@@ -29,7 +29,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
 			{% for arg in matrix_bot_mjolnir_container_extra_arguments %}
 			{{ arg }} \
 			{% endfor %}
-			{{ matrix_bot_mjolnir_docker_image }} \
+			{{ matrix_bot_mjolnir_container_image }} \
 			bot --mjolnir-config /data/config/production.yaml

 {% for network in matrix_bot_mjolnir_container_additional_networks %}
--- a/roles/custom/matrix-bridge-appservice-discord/defaults/main.yml
+++ b/roles/custom/matrix-bridge-appservice-discord/defaults/main.yml
@@ -20,11 +20,11 @@ matrix_appservice_discord_container_image_self_build: false

 # renovate: datasource=docker depName=ghcr.io/matrix-org/matrix-appservice-discord
 matrix_appservice_discord_version: v4.0.0
-matrix_appservice_discord_docker_image: "{{ matrix_appservice_discord_docker_image_registry_prefix }}matrix-org/matrix-appservice-discord:{{ matrix_appservice_discord_version }}"
-matrix_appservice_discord_docker_image_registry_prefix: "{{ 'localhost/' if matrix_appservice_discord_container_image_self_build else matrix_appservice_discord_docker_image_registry_prefix_upstream }}"
-matrix_appservice_discord_docker_image_registry_prefix_upstream: "{{ matrix_appservice_discord_docker_image_registry_prefix_upstream_default }}"
-matrix_appservice_discord_docker_image_registry_prefix_upstream_default: "ghcr.io/"
-matrix_appservice_discord_docker_image_force_pull: "{{ matrix_appservice_discord_docker_image.endswith(':latest') }}"
+matrix_appservice_discord_container_image: "{{ matrix_appservice_discord_container_image_registry_prefix }}matrix-org/matrix-appservice-discord:{{ matrix_appservice_discord_version }}"
+matrix_appservice_discord_container_image_registry_prefix: "{{ 'localhost/' if matrix_appservice_discord_container_image_self_build else matrix_appservice_discord_container_image_registry_prefix_upstream }}"
+matrix_appservice_discord_container_image_registry_prefix_upstream: "{{ matrix_appservice_discord_container_image_registry_prefix_upstream_default }}"
+matrix_appservice_discord_container_image_registry_prefix_upstream_default: "ghcr.io/"
+matrix_appservice_discord_container_image_force_pull: "{{ matrix_appservice_discord_container_image.endswith(':latest') }}"

 matrix_appservice_discord_base_path: "{{ matrix_base_data_path }}/appservice-discord"
 matrix_appservice_discord_config_path: "{{ matrix_base_data_path }}/appservice-discord/config"
--- a/roles/custom/matrix-bridge-appservice-discord/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-appservice-discord/tasks/setup_install.yml
@@ -42,10 +42,10 @@

 - name: Ensure Appservice Discord image is pulled
  community.docker.docker_image:
-    name: "{{ matrix_appservice_discord_docker_image }}"
+    name: "{{ matrix_appservice_discord_container_image }}"
    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
-    force_source: "{{ matrix_appservice_discord_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
-    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_discord_docker_image_force_pull }}"
+    force_source: "{{ matrix_appservice_discord_container_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_discord_container_image_force_pull }}"
  register: matrix_appservice_discord_container_image_pull_result
  retries: "{{ devture_playbook_help_container_retries_count }}"
  delay: "{{ devture_playbook_help_container_retries_delay }}"
@@ -55,7 +55,7 @@
  ansible.builtin.file:
    path: "{{ item }}"
    state: directory
-    mode: 0750
+    mode: '0750'
    owner: "{{ matrix_user_name }}"
    group: "{{ matrix_group_name }}"
  with_items:
@@ -92,7 +92,7 @@
  ansible.builtin.copy:
    content: "{{ matrix_appservice_discord_configuration | to_nice_yaml(indent=2, width=999999) }}"
    dest: "{{ matrix_appservice_discord_config_path }}/config.yaml"
-    mode: 0644
+    mode: '0644'
    owner: "{{ matrix_user_name }}"
    group: "{{ matrix_group_name }}"
  register: matrix_appservice_discord_config_result
@@ -101,7 +101,7 @@
  ansible.builtin.copy:
    content: "{{ matrix_appservice_discord_registration | to_nice_yaml(indent=2, width=999999) }}"
    dest: "{{ matrix_appservice_discord_config_path }}/registration.yaml"
-    mode: 0644
+    mode: '0644'
    owner: "{{ matrix_user_name }}"
    group: "{{ matrix_group_name }}"
  register: matrix_appservice_discord_registration_result
@@ -115,7 +115,7 @@
    --cap-drop=ALL
    --mount type=bind,src={{ matrix_appservice_discord_config_path }},dst=/cfg
    -w /cfg
-    {{ matrix_appservice_discord_docker_image }}
+    {{ matrix_appservice_discord_container_image }}
    /bin/sh -c "node /build/tools/addbot.js > /cfg/invite_link"
  changed_when: false

@@ -130,7 +130,7 @@
  ansible.builtin.template:
    src: "{{ role_path }}/templates/systemd/matrix-appservice-discord.service.j2"
    dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-discord.service"
-    mode: 0644
+    mode: '0644'
  register: matrix_appservice_discord_systemd_service_result

 - name: Determine whether matrix-appservice-discord needs a restart
--- a/roles/custom/matrix-bridge-appservice-discord/tasks/validate_config.yml
+++ b/roles/custom/matrix-bridge-appservice-discord/tasks/validate_config.yml
@@ -5,6 +5,21 @@

 ---

+- name: (Deprecation) Catch and report renamed appservice-discord variables
+  ansible.builtin.fail:
+    msg: >-
+      Your configuration contains a variable, which now has a different name.
+      Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
+  when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0"
+  with_items:
+    - {'old': 'matrix_appservice_discord_container_expose_client_server_api_port', 'new': '<superseded by matrix_appservice_discord_container_http_host_bind_port>'}
+    - {'old': 'matrix_appservice_discord_container_image_name_prefix', 'new': 'matrix_appservice_discord_container_image_registry_prefix'}
+    - {'old': 'matrix_appservice_discord_docker_image', 'new': 'matrix_appservice_discord_container_image'}
+    - {'old': 'matrix_appservice_discord_docker_image_force_pull', 'new': 'matrix_appservice_discord_container_image_force_pull'}
+    - {'old': 'matrix_appservice_discord_docker_image_registry_prefix', 'new': 'matrix_appservice_discord_container_image_registry_prefix'}
+    - {'old': 'matrix_appservice_discord_docker_image_registry_prefix_upstream', 'new': 'matrix_appservice_discord_container_image_registry_prefix_upstream'}
+    - {'old': 'matrix_appservice_discord_docker_image_registry_prefix_upstream_default', 'new': 'matrix_appservice_discord_container_image_registry_prefix_upstream_default'}
+
 - name: Fail if required appservice-discord settings not defined
  ansible.builtin.fail:
    msg: >-
@@ -19,16 +34,6 @@
    - {'name': 'matrix_appservice_discord_container_network', when: true}
    - {'name': 'matrix_appservice_discord_database_hostname', when: "{{ matrix_appservice_discord_database_engine == 'postgres' }}"}

- name: (Deprecation) Catch and report renamed appservice-discord variables
-  ansible.builtin.fail:
-    msg: >-
-      Your configuration contains a variable, which now has a different name.
-      Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
-  when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0"
-  with_items:
-    - {'old': 'matrix_appservice_discord_container_expose_client_server_api_port', 'new': '<superseded by matrix_appservice_discord_container_http_host_bind_port>'}
-    - {'old': 'matrix_appservice_discord_container_image_name_prefix', 'new': 'matrix_appservice_discord_docker_image_registry_prefix'}
-
 - name: Require a valid database engine
  ansible.builtin.fail:
    msg: "`matrix_appservice_discord_database_engine` needs to be either 'sqlite' or 'postgres'"
--- a/roles/custom/matrix-bridge-appservice-discord/templates/systemd/matrix-appservice-discord.service.j2
+++ b/roles/custom/matrix-bridge-appservice-discord/templates/systemd/matrix-appservice-discord.service.j2
@@ -31,7 +31,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
 			{% for arg in matrix_appservice_discord_container_extra_arguments %}
 			{{ arg }} \
 			{% endfor %}
-			{{ matrix_appservice_discord_docker_image }} \
+			{{ matrix_appservice_discord_container_image }} \
 			node /build/src/discordas.js -p 9005 -c /cfg/config.yaml -f /cfg/registration.yaml

 {% for network in matrix_appservice_discord_container_additional_networks %}
--- a/roles/custom/matrix-bridge-appservice-irc/defaults/main.yml
+++ b/roles/custom/matrix-bridge-appservice-irc/defaults/main.yml
@@ -26,20 +26,20 @@
 matrix_appservice_irc_enabled: true

 matrix_appservice_irc_container_image_self_build: false
-matrix_appservice_irc_docker_repo: "https://github.com/matrix-org/matrix-appservice-irc.git"
-matrix_appservice_irc_docker_repo_version: "{{ 'master' if matrix_appservice_irc_version == 'latest' else matrix_appservice_irc_version }}"
-matrix_appservice_irc_docker_src_files_path: "{{ matrix_base_data_path }}/appservice-irc/docker-src"
+matrix_appservice_irc_container_repo: "https://github.com/matrix-org/matrix-appservice-irc.git"
+matrix_appservice_irc_container_repo_version: "{{ 'master' if matrix_appservice_irc_version == 'latest' else matrix_appservice_irc_version }}"
+matrix_appservice_irc_container_src_files_path: "{{ matrix_base_data_path }}/appservice-irc/docker-src"

 # matrix_appservice_irc_version used to contain the full Docker image tag (e.g. `release-X.X.X`).
 # It's a bare version number now. We try to somewhat retain compatibility below.
 # renovate: datasource=docker depName=docker.io/matrixdotorg/matrix-appservice-irc
 matrix_appservice_irc_version: 4.0.0
-matrix_appservice_irc_docker_image: "{{ matrix_appservice_irc_docker_image_registry_prefix }}matrixdotorg/matrix-appservice-irc:{{ matrix_appservice_irc_docker_image_tag }}"
-matrix_appservice_irc_docker_image_registry_prefix: "{{ 'localhost/' if matrix_appservice_irc_container_image_self_build else matrix_appservice_irc_docker_image_registry_prefix_upstream }}"
-matrix_appservice_irc_docker_image_registry_prefix_upstream: "{{ matrix_appservice_irc_docker_image_registry_prefix_upstream_default }}"
-matrix_appservice_irc_docker_image_registry_prefix_upstream_default: docker.io/
-matrix_appservice_irc_docker_image_tag: "{{ 'latest' if matrix_appservice_irc_version == 'latest' else ('release-' + matrix_appservice_irc_version) }}"
-matrix_appservice_irc_docker_image_force_pull: "{{ matrix_appservice_irc_docker_image.endswith(':latest') }}"
+matrix_appservice_irc_container_image: "{{ matrix_appservice_irc_container_image_registry_prefix }}matrixdotorg/matrix-appservice-irc:{{ matrix_appservice_irc_container_image_tag }}"
+matrix_appservice_irc_container_image_registry_prefix: "{{ 'localhost/' if matrix_appservice_irc_container_image_self_build else matrix_appservice_irc_container_image_registry_prefix_upstream }}"
+matrix_appservice_irc_container_image_registry_prefix_upstream: "{{ matrix_appservice_irc_container_image_registry_prefix_upstream_default }}"
+matrix_appservice_irc_container_image_registry_prefix_upstream_default: docker.io/
+matrix_appservice_irc_container_image_tag: "{{ 'latest' if matrix_appservice_irc_version == 'latest' else ('release-' + matrix_appservice_irc_version) }}"
+matrix_appservice_irc_container_image_force_pull: "{{ matrix_appservice_irc_container_image.endswith(':latest') }}"

 matrix_appservice_irc_base_path: "{{ matrix_base_data_path }}/appservice-irc"
 matrix_appservice_irc_config_path: "{{ matrix_appservice_irc_base_path }}/config"
--- a/roles/custom/matrix-bridge-appservice-irc/tasks/migrate_nedb_to_postgres.yml
+++ b/roles/custom/matrix-bridge-appservice-irc/tasks/migrate_nedb_to_postgres.yml
@@ -58,7 +58,7 @@
      {% endif %}
      --mount type=bind,src={{ matrix_appservice_irc_data_path }},dst=/data
      --entrypoint=/bin/sh
-      {{ matrix_appservice_irc_docker_image }}
+      {{ matrix_appservice_irc_container_image }}
      -c
      '/usr/local/bin/node /app/lib/scripts/migrate-db-to-pgres.js --dbdir /data --privateKey /data/passkey.pem --connectionString {{ matrix_appservice_irc_database_connection_string }}'
  register: matrix_appservice_irc_import_nedb_to_postgres_result
--- a/roles/custom/matrix-bridge-appservice-irc/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-appservice-irc/tasks/setup_install.yml
@@ -22,14 +22,14 @@
  ansible.builtin.file:
    path: "{{ item.path }}"
    state: directory
-    mode: 0750
+    mode: '0750'
    owner: "{{ matrix_user_name }}"
    group: "{{ matrix_group_name }}"
  with_items:
    - {path: "{{ matrix_appservice_irc_base_path }}", when: true}
    - {path: "{{ matrix_appservice_irc_config_path }}", when: true}
    - {path: "{{ matrix_appservice_irc_data_path }}", when: true}
-    - {path: "{{ matrix_appservice_irc_docker_src_files_path }}", when: "{{ matrix_appservice_irc_container_image_self_build }}"}
+    - {path: "{{ matrix_appservice_irc_container_src_files_path }}", when: "{{ matrix_appservice_irc_container_image_self_build }}"}
  when: item.when | bool

 - name: Check if an old passkey file already exists
@@ -81,10 +81,10 @@

 - name: Ensure Appservice IRC image is pulled
  community.docker.docker_image:
-    name: "{{ matrix_appservice_irc_docker_image }}"
+    name: "{{ matrix_appservice_irc_container_image }}"
    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
-    force_source: "{{ matrix_appservice_irc_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
-    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_irc_docker_image_force_pull }}"
+    force_source: "{{ matrix_appservice_irc_container_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_irc_container_image_force_pull }}"
  when: "matrix_appservice_irc_enabled | bool and not matrix_appservice_irc_container_image_self_build | bool"
  register: matrix_appservice_irc_container_image_pull_result
  retries: "{{ devture_playbook_help_container_retries_count }}"
@@ -93,9 +93,9 @@

 - name: Ensure matrix-appservice-irc repository is present when self-building
  ansible.builtin.git:
-    repo: "{{ matrix_appservice_irc_docker_repo }}"
-    version: "{{ matrix_appservice_irc_docker_repo_version }}"
-    dest: "{{ matrix_appservice_irc_docker_src_files_path }}"
+    repo: "{{ matrix_appservice_irc_container_repo }}"
+    version: "{{ matrix_appservice_irc_container_repo_version }}"
+    dest: "{{ matrix_appservice_irc_container_src_files_path }}"
    force: "yes"
  become: true
  become_user: "{{ matrix_user_name }}"
@@ -104,13 +104,13 @@

 - name: Ensure matrix-appservice-irc Docker image is built
  community.docker.docker_image:
-    name: "{{ matrix_appservice_irc_docker_image }}"
+    name: "{{ matrix_appservice_irc_container_image }}"
    source: build
    force_source: "{{ matrix_appservice_irc_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_irc_git_pull_results.changed }}"
    build:
      dockerfile: Dockerfile
-      path: "{{ matrix_appservice_irc_docker_src_files_path }}"
+      path: "{{ matrix_appservice_irc_container_src_files_path }}"
      pull: true
  when: "matrix_appservice_irc_enabled | bool and matrix_appservice_irc_container_image_self_build | bool and matrix_appservice_irc_git_pull_results.changed"

@@ -118,7 +118,7 @@
  ansible.builtin.copy:
    content: "{{ matrix_appservice_irc_configuration | to_nice_yaml(indent=2, width=999999) }}"
    dest: "{{ matrix_appservice_irc_config_path }}/config.yaml"
-    mode: 0644
+    mode: '0644'
    owner: "{{ matrix_user_name }}"
    group: "{{ matrix_group_name }}"
  register: matrix_appservice_irc_config_result
@@ -127,7 +127,7 @@
  ansible.builtin.template:
    src: "{{ role_path }}/templates/labels.j2"
    dest: "{{ matrix_appservice_irc_base_path }}/labels"
-    mode: 0644
+    mode: '0644'
    owner: "{{ matrix_user_name }}"
    group: "{{ matrix_group_name }}"
  register: matrix_appservice_irc_labels_result
@@ -149,7 +149,7 @@
    - name: Generate IRC appservice signing key for authenticated media
      community.docker.docker_container:
        name: "create-auth-media-jwk-key"
-        image: "{{ matrix_appservice_irc_docker_image }}"
+        image: "{{ matrix_appservice_irc_container_image }}"
        cleanup: true
        network_mode: none
        entrypoint: "/usr/local/bin/node"
@@ -179,7 +179,7 @@
 - name: (Migration) Ensure Appservice IRC passkey permissions are okay
  ansible.builtin.file:
    path: "{{ matrix_appservice_irc_data_path }}/passkey.pem"
-    mode: 0644
+    mode: '0644'
    owner: "{{ matrix_user_name }}"
    group: "{{ matrix_group_name }}"

@@ -210,7 +210,7 @@
    --mount type=bind,src={{ matrix_appservice_irc_config_path }},dst=/config
    --mount type=bind,src={{ matrix_appservice_irc_data_path }},dst=/data
    --entrypoint=/bin/bash
-    {{ matrix_appservice_irc_docker_image }}
+    {{ matrix_appservice_irc_container_image }}
    -c
    'node app.js
    -r
@@ -243,7 +243,7 @@
  ansible.builtin.copy:
    content: "{{ matrix_appservice_irc_registration | to_nice_yaml(indent=2, width=999999) }}"
    dest: "{{ matrix_appservice_irc_config_path }}/registration.yaml"
-    mode: 0644
+    mode: '0644'
    owner: "{{ matrix_user_name }}"
    group: "{{ matrix_group_name }}"
  register: matrix_appservice_irc_registration_result
@@ -259,7 +259,7 @@
  ansible.builtin.template:
    src: "{{ role_path }}/templates/systemd/matrix-appservice-irc.service.j2"
    dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-irc.service"
-    mode: 0644
+    mode: '0644'
  register: matrix_appservice_irc_systemd_service_result

 - name: Determine whether matrix-appservice-irc needs a restart
--- a/roles/custom/matrix-bridge-appservice-irc/tasks/validate_config.yml
+++ b/roles/custom/matrix-bridge-appservice-irc/tasks/validate_config.yml
@@ -6,6 +6,27 @@

 ---

+- name: (Deprecation) Catch and report renamed appservice-irc variables
+  ansible.builtin.fail:
+    msg: >-
+      Your configuration contains a variable, which now has a different name.
+      Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
+  when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0"
+  with_items:
+    - {'old': 'matrix_appservice_irc_container_expose_client_server_api_port', 'new': '<superseded by matrix_appservice_irc_container_http_host_bind_port>'}
+    - {'old': 'matrix_appservice_irc_container_self_build', 'new': 'matrix_appservice_irc_container_image_self_build'}
+    - {'old': 'matrix_appservice_irc_docker_image_name_prefix', 'new': 'matrix_appservice_irc_container_image_registry_prefix'}
+    - {'old': 'matrix_appservice_irc_homeserver_media_url', 'new': '<removed; media proxying now uses matrix_appservice_irc_ircService_mediaProxy_publicUrl>'}
+    - {'old': 'matrix_appservice_irc_docker_image', 'new': 'matrix_appservice_irc_container_image'}
+    - {'old': 'matrix_appservice_irc_docker_image_force_pull', 'new': 'matrix_appservice_irc_container_image_force_pull'}
+    - {'old': 'matrix_appservice_irc_docker_image_registry_prefix', 'new': 'matrix_appservice_irc_container_image_registry_prefix'}
+    - {'old': 'matrix_appservice_irc_docker_image_registry_prefix_upstream', 'new': 'matrix_appservice_irc_container_image_registry_prefix_upstream'}
+    - {'old': 'matrix_appservice_irc_docker_image_registry_prefix_upstream_default', 'new': 'matrix_appservice_irc_container_image_registry_prefix_upstream_default'}
+    - {'old': 'matrix_appservice_irc_docker_image_tag', 'new': 'matrix_appservice_irc_container_image_tag'}
+    - {'old': 'matrix_appservice_irc_docker_repo', 'new': 'matrix_appservice_irc_container_repo'}
+    - {'old': 'matrix_appservice_irc_docker_repo_version', 'new': 'matrix_appservice_irc_container_repo_version'}
+    - {'old': 'matrix_appservice_irc_docker_src_files_path', 'new': 'matrix_appservice_irc_container_src_files_path'}
+
 - name: Fail if required appservice-irc settings not defined
  ansible.builtin.fail:
    msg: >-
@@ -25,6 +46,7 @@
 # we'd fail generating the registration.yaml file with a non-helpful error.
 #
 # This is a safety check to ensure we fail earlier and in a nicer way.
+
 - name: Fail if no additional configuration provided
  ansible.builtin.fail:
    msg: >-
@@ -34,18 +56,6 @@
      Overriding the whole bridge's configuration (`matrix_appservice_irc_configuration`) is yet another possibility.
  when: "matrix_appservice_irc_configuration.ircService.servers | length == 0"

- name: (Deprecation) Catch and report renamed appservice-irc variables
-  ansible.builtin.fail:
-    msg: >-
-      Your configuration contains a variable, which now has a different name.
-      Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
-  when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0"
-  with_items:
-    - {'old': 'matrix_appservice_irc_container_expose_client_server_api_port', 'new': '<superseded by matrix_appservice_irc_container_http_host_bind_port>'}
-    - {'old': 'matrix_appservice_irc_container_self_build', 'new': 'matrix_appservice_irc_container_image_self_build'}
-    - {'old': 'matrix_appservice_irc_docker_image_name_prefix', 'new': 'matrix_appservice_irc_docker_image_registry_prefix'}
-    - {'old': 'matrix_appservice_irc_homeserver_media_url', 'new': '<removed; media proxying now uses matrix_appservice_irc_ircService_mediaProxy_publicUrl>'}
-
 - name: Fail if matrix_appservice_irc_ircService_mediaProxy_publicUrl_pathPrefix does not start with a slash
  ansible.builtin.fail:
    msg: >-
--- a/roles/custom/matrix-bridge-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2
+++ b/roles/custom/matrix-bridge-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2
@@ -36,7 +36,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
 			{{ arg }} \
 			{% endfor %}
 			--entrypoint=/bin/bash \
-			{{ matrix_appservice_irc_docker_image }} \
+			{{ matrix_appservice_irc_container_image }} \
 			-c 'node app.js -c /config/config.yaml -f /config/registration.yaml -p 9999'

 {% for network in matrix_appservice_irc_container_additional_networks %}
--- a/roles/custom/matrix-bridge-appservice-kakaotalk/defaults/main.yml
+++ b/roles/custom/matrix-bridge-appservice-kakaotalk/defaults/main.yml
@@ -35,23 +35,23 @@ matrix_appservice_kakaotalk_container_image_self_build_repo: "https://src.miscwo
 matrix_appservice_kakaotalk_container_image_self_build_repo_version: "{{ 'master' if matrix_appservice_kakaotalk_version == 'latest' else matrix_appservice_kakaotalk_version }}"

 matrix_appservice_kakaotalk_node_version: "{{ matrix_appservice_kakaotalk_version }}"
-matrix_appservice_kakaotalk_node_docker_image: "{{ matrix_appservice_kakaotalk_node_docker_image_registry_prefix }}fair/matrix-appservice-kakaotalk-node:{{ matrix_appservice_kakaotalk_node_version }}"
-matrix_appservice_kakaotalk_node_docker_image_registry_prefix: "{{ 'localhost/' if matrix_appservice_kakaotalk_container_image_self_build else matrix_appservice_kakaotalk_node_docker_image_registry_prefix_upstream }}"
-matrix_appservice_kakaotalk_node_docker_image_registry_prefix_upstream: "{{ matrix_appservice_kakaotalk_node_docker_image_registry_prefix_upstream_default }}"
-matrix_appservice_kakaotalk_node_docker_image_registry_prefix_upstream_default: ""
-matrix_appservice_kakaotalk_node_docker_image_force_pull: "{{ matrix_appservice_kakaotalk_node_docker_image.endswith(':latest') }}"
+matrix_appservice_kakaotalk_node_container_image: "{{ matrix_appservice_kakaotalk_node_container_image_registry_prefix }}fair/matrix-appservice-kakaotalk-node:{{ matrix_appservice_kakaotalk_node_version }}"
+matrix_appservice_kakaotalk_node_container_image_registry_prefix: "{{ 'localhost/' if matrix_appservice_kakaotalk_container_image_self_build else matrix_appservice_kakaotalk_node_container_image_registry_prefix_upstream }}"
+matrix_appservice_kakaotalk_node_container_image_registry_prefix_upstream: "{{ matrix_appservice_kakaotalk_node_container_image_registry_prefix_upstream_default }}"
+matrix_appservice_kakaotalk_node_container_image_registry_prefix_upstream_default: ""
+matrix_appservice_kakaotalk_node_container_image_force_pull: "{{ matrix_appservice_kakaotalk_node_container_image.endswith(':latest') }}"

 matrix_appservice_kakaotalk_version: 86c038fd2ffee5e0aebf65136f085cce7e38b54e
-matrix_appservice_kakaotalk_docker_image: "{{ matrix_appservice_kakaotalk_docker_image_registry_prefix }}fair/matrix-appservice-kakaotalk:{{ matrix_appservice_kakaotalk_version }}"
-matrix_appservice_kakaotalk_docker_image_registry_prefix: "{{ 'localhost/' if matrix_appservice_kakaotalk_container_image_self_build else matrix_appservice_kakaotalk_docker_image_registry_prefix_upstream }}"
-matrix_appservice_kakaotalk_docker_image_registry_prefix_upstream: "{{ matrix_appservice_kakaotalk_docker_image_registry_prefix_upstream_default }}"
-matrix_appservice_kakaotalk_docker_image_registry_prefix_upstream_default: ""
-matrix_appservice_kakaotalk_docker_image_force_pull: "{{ matrix_appservice_kakaotalk_docker_image.endswith(':latest') }}"
+matrix_appservice_kakaotalk_container_image: "{{ matrix_appservice_kakaotalk_container_image_registry_prefix }}fair/matrix-appservice-kakaotalk:{{ matrix_appservice_kakaotalk_version }}"
+matrix_appservice_kakaotalk_container_image_registry_prefix: "{{ 'localhost/' if matrix_appservice_kakaotalk_container_image_self_build else matrix_appservice_kakaotalk_container_image_registry_prefix_upstream }}"
+matrix_appservice_kakaotalk_container_image_registry_prefix_upstream: "{{ matrix_appservice_kakaotalk_container_image_registry_prefix_upstream_default }}"
+matrix_appservice_kakaotalk_container_image_registry_prefix_upstream_default: ""
+matrix_appservice_kakaotalk_container_image_force_pull: "{{ matrix_appservice_kakaotalk_container_image.endswith(':latest') }}"

 matrix_appservice_kakaotalk_base_path: "{{ matrix_base_data_path }}/appservice-kakaotalk"
 matrix_appservice_kakaotalk_config_path: "{{ matrix_appservice_kakaotalk_base_path }}/config"
 matrix_appservice_kakaotalk_data_path: "{{ matrix_appservice_kakaotalk_base_path }}/data"
-matrix_appservice_kakaotalk_docker_src_files_path: "{{ matrix_appservice_kakaotalk_base_path }}/docker-src"
+matrix_appservice_kakaotalk_container_src_files_path: "{{ matrix_appservice_kakaotalk_base_path }}/docker-src"

 matrix_appservice_kakaotalk_command_prefix: "!kt"

--- a/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/setup_install.yml
@@ -8,10 +8,10 @@

 - name: Ensure matrix-appservice-kakaotalk image is pulled
  community.docker.docker_image:
-    name: "{{ matrix_appservice_kakaotalk_docker_image }}"
+    name: "{{ matrix_appservice_kakaotalk_container_image }}"
    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
-    force_source: "{{ matrix_appservice_kakaotalk_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
-    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_kakaotalk_docker_image_force_pull }}"
+    force_source: "{{ matrix_appservice_kakaotalk_container_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_kakaotalk_container_image_force_pull }}"
  when: not matrix_appservice_kakaotalk_container_image_self_build
  register: result
  retries: "{{ devture_playbook_help_container_retries_count }}"
@@ -20,10 +20,10 @@

 - name: Ensure matrix-appservice-kakaotalk-node image is pulled
  community.docker.docker_image:
-    name: "{{ matrix_appservice_kakaotalk_node_docker_image }}"
+    name: "{{ matrix_appservice_kakaotalk_node_container_image }}"
    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
-    force_source: "{{ matrix_appservice_kakaotalk_node_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
-    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_kakaotalk_node_docker_image_force_pull }}"
+    force_source: "{{ matrix_appservice_kakaotalk_node_container_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_kakaotalk_node_container_image_force_pull }}"
  when: not matrix_appservice_kakaotalk_container_image_self_build
  register: result
  retries: "{{ devture_playbook_help_container_retries_count }}"
@@ -34,20 +34,20 @@
  ansible.builtin.file:
    path: "{{ item.path }}"
    state: directory
-    mode: 0750
+    mode: '0750'
    owner: "{{ matrix_user_name }}"
    group: "{{ matrix_group_name }}"
  with_items:
    - {path: "{{ matrix_appservice_kakaotalk_base_path }}", when: true}
    - {path: "{{ matrix_appservice_kakaotalk_config_path }}", when: true}
    - {path: "{{ matrix_appservice_kakaotalk_data_path }}", when: true}
-    - {path: "{{ matrix_appservice_kakaotalk_docker_src_files_path }}", when: "{{ matrix_appservice_kakaotalk_container_image_self_build }}"}
+    - {path: "{{ matrix_appservice_kakaotalk_container_src_files_path }}", when: "{{ matrix_appservice_kakaotalk_container_image_self_build }}"}
  when: item.when | bool

 - name: Ensure matrix-appservice-kakaotalk repository is present on self-build
  ansible.builtin.git:
    repo: "{{ matrix_appservice_kakaotalk_container_image_self_build_repo }}"
-    dest: "{{ matrix_appservice_kakaotalk_docker_src_files_path }}"
+    dest: "{{ matrix_appservice_kakaotalk_container_src_files_path }}"
    version: "{{ matrix_appservice_kakaotalk_container_image_self_build_repo_version }}"
    force: "yes"
  become: true
@@ -57,25 +57,25 @@

 - name: Ensure matrix-appservice-kakaotalk-node Docker image is built
  community.docker.docker_image:
-    name: "{{ matrix_appservice_kakaotalk_node_docker_image }}"
+    name: "{{ matrix_appservice_kakaotalk_node_container_image }}"
    source: build
    force_source: "{{ matrix_appservice_kakaotalk_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_kakaotalk_git_pull_results.changed }}"
    build:
      dockerfile: Dockerfile
-      path: "{{ matrix_appservice_kakaotalk_docker_src_files_path }}/node"
+      path: "{{ matrix_appservice_kakaotalk_container_src_files_path }}/node"
      pull: true
  when: "matrix_appservice_kakaotalk_container_image_self_build | bool"

 - name: Ensure matrix-appservice-kakaotalk Docker image is built
  community.docker.docker_image:
-    name: "{{ matrix_appservice_kakaotalk_docker_image }}"
+    name: "{{ matrix_appservice_kakaotalk_container_image }}"
    source: build
    force_source: "{{ matrix_appservice_kakaotalk_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_kakaotalk_git_pull_results.changed }}"
    build:
      dockerfile: Dockerfile
-      path: "{{ matrix_appservice_kakaotalk_docker_src_files_path }}"
+      path: "{{ matrix_appservice_kakaotalk_container_src_files_path }}"
      pull: true
  when: "matrix_appservice_kakaotalk_container_image_self_build | bool"

@@ -83,7 +83,7 @@
  ansible.builtin.copy:
    content: "{{ matrix_appservice_kakaotalk_node_configuration | to_nice_json }}"
    dest: "{{ matrix_appservice_kakaotalk_config_path }}/node-config.json"
-    mode: 0644
+    mode: '0644'
    owner: "{{ matrix_user_name }}"
    group: "{{ matrix_group_name }}"

@@ -91,7 +91,7 @@
  ansible.builtin.copy:
    content: "{{ matrix_appservice_kakaotalk_configuration | to_nice_yaml(indent=2, width=999999) }}"
    dest: "{{ matrix_appservice_kakaotalk_config_path }}/config.yaml"
-    mode: 0644
+    mode: '0644'
    owner: "{{ matrix_user_name }}"
    group: "{{ matrix_group_name }}"

@@ -99,7 +99,7 @@
  ansible.builtin.copy:
    content: "{{ matrix_appservice_kakaotalk_registration | to_nice_yaml(indent=2, width=999999) }}"
    dest: "{{ matrix_appservice_kakaotalk_config_path }}/registration.yaml"
-    mode: 0644
+    mode: '0644'
    owner: "{{ matrix_user_name }}"
    group: "{{ matrix_group_name }}"

@@ -114,11 +114,11 @@
  ansible.builtin.template:
    src: "{{ role_path }}/templates/systemd/matrix-appservice-kakaotalk-node.service.j2"
    dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-kakaotalk-node.service"
-    mode: 0644
+    mode: '0644'
  register: matrix_appservice_kakaotalk_node_systemd_service_result

 - name: Ensure matrix-appservice-kakaotalk.service installed
  ansible.builtin.template:
    src: "{{ role_path }}/templates/systemd/matrix-appservice-kakaotalk.service.j2"
    dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-kakaotalk.service"
-    mode: 0644
+    mode: '0644'
--- a/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/validate_config.yml
+++ b/roles/custom/matrix-bridge-appservice-kakaotalk/tasks/validate_config.yml
@@ -5,6 +5,27 @@

 ---

+- name: (Deprecation) Catch and report renamed appservice-kakaotalk variables
+  ansible.builtin.fail:
+    msg: >-
+      Your configuration contains a variable, which now has a different name.
+      Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
+  when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0"
+  with_items:
+    - {'old': 'matrix_appservice_kakaotalk_node_docker_image_name_prefix', 'new': 'matrix_appservice_kakaotalk_node_container_image_registry_prefix'}
+    - {'old': 'matrix_appservice_kakaotalk_docker_image_name_prefix', 'new': 'matrix_appservice_kakaotalk_container_image_registry_prefix'}
+    - {'old': 'matrix_appservice_kakaotalk_docker_image', 'new': 'matrix_appservice_kakaotalk_container_image'}
+    - {'old': 'matrix_appservice_kakaotalk_docker_image_force_pull', 'new': 'matrix_appservice_kakaotalk_container_image_force_pull'}
+    - {'old': 'matrix_appservice_kakaotalk_docker_image_registry_prefix', 'new': 'matrix_appservice_kakaotalk_container_image_registry_prefix'}
+    - {'old': 'matrix_appservice_kakaotalk_docker_image_registry_prefix_upstream', 'new': 'matrix_appservice_kakaotalk_container_image_registry_prefix_upstream'}
+    - {'old': 'matrix_appservice_kakaotalk_docker_image_registry_prefix_upstream_default', 'new': 'matrix_appservice_kakaotalk_container_image_registry_prefix_upstream_default'}
+    - {'old': 'matrix_appservice_kakaotalk_docker_src_files_path', 'new': 'matrix_appservice_kakaotalk_container_src_files_path'}
+    - {'old': 'matrix_appservice_kakaotalk_node_docker_image', 'new': 'matrix_appservice_kakaotalk_node_container_image'}
+    - {'old': 'matrix_appservice_kakaotalk_node_docker_image_force_pull', 'new': 'matrix_appservice_kakaotalk_node_container_image_force_pull'}
+    - {'old': 'matrix_appservice_kakaotalk_node_docker_image_registry_prefix', 'new': 'matrix_appservice_kakaotalk_node_container_image_registry_prefix'}
+    - {'old': 'matrix_appservice_kakaotalk_node_docker_image_registry_prefix_upstream', 'new': 'matrix_appservice_kakaotalk_node_container_image_registry_prefix_upstream'}
+    - {'old': 'matrix_appservice_kakaotalk_node_docker_image_registry_prefix_upstream_default', 'new': 'matrix_appservice_kakaotalk_node_container_image_registry_prefix_upstream_default'}
+
 - name: Fail if required appservice-kakaotalk settings not defined
  ansible.builtin.fail:
    msg: >-
@@ -16,13 +37,3 @@
    - {'name': 'matrix_appservice_kakaotalk_homeserver_token', when: true}
    - {'name': 'matrix_appservice_kakaotalk_database_hostname', when: "{{ matrix_appservice_kakaotalk_database_engine == 'postgres' }}"}
    - {'name': 'matrix_appservice_kakaotalk_container_network', when: true}
-
- name: (Deprecation) Catch and report renamed appservice-kakaotalk variables
-  ansible.builtin.fail:
-    msg: >-
-      Your configuration contains a variable, which now has a different name.
-      Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
-  when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0"
-  with_items:
-    - {'old': 'matrix_appservice_kakaotalk_node_docker_image_name_prefix', 'new': 'matrix_appservice_kakaotalk_node_docker_image_registry_prefix'}
-    - {'old': 'matrix_appservice_kakaotalk_docker_image_name_prefix', 'new': 'matrix_appservice_kakaotalk_docker_image_registry_prefix'}
--- a/roles/custom/matrix-bridge-appservice-kakaotalk/templates/systemd/matrix-appservice-kakaotalk-node.service.j2
+++ b/roles/custom/matrix-bridge-appservice-kakaotalk/templates/systemd/matrix-appservice-kakaotalk-node.service.j2
@@ -27,7 +27,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
 			{% for arg in matrix_appservice_kakaotalk_node_container_extra_arguments %}
 			{{ arg }} \
 			{% endfor %}
-			{{ matrix_appservice_kakaotalk_node_docker_image }} \
+			{{ matrix_appservice_kakaotalk_node_container_image }} \
 			node src/main.js --config /config.json

 {% for network in matrix_appservice_kakaotalk_container_additional_networks %}
--- a/roles/custom/matrix-bridge-appservice-kakaotalk/templates/systemd/matrix-appservice-kakaotalk.service.j2
+++ b/roles/custom/matrix-bridge-appservice-kakaotalk/templates/systemd/matrix-appservice-kakaotalk.service.j2
@@ -28,7 +28,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
 			{% for arg in matrix_appservice_kakaotalk_container_extra_arguments %}
 			{{ arg }} \
 			{% endfor %}
-			{{ matrix_appservice_kakaotalk_docker_image }} \
+			{{ matrix_appservice_kakaotalk_container_image }} \
 			python3 -m matrix_appservice_kakaotalk -c /config/config.yaml --no-update

 {% for network in matrix_appservice_discord_container_additional_networks %}
--- a/roles/custom/matrix-bridge-appservice-slack/defaults/main.yml
+++ b/roles/custom/matrix-bridge-appservice-slack/defaults/main.yml
@@ -1,208 +0,0 @@
-# SPDX-FileCopyrightText: 2019 - 2022 MDAD project contributors
-# SPDX-FileCopyrightText: 2019 - 2024 Slavi Pantaleev
-# SPDX-FileCopyrightText: 2020 Daniel Wiegreffe
-# SPDX-FileCopyrightText: 2021 Ahmad Haghighi
-# SPDX-FileCopyrightText: 2021 Béla Becker
-# SPDX-FileCopyrightText: 2021 Panagiotis Georgiadis
-# SPDX-FileCopyrightText: 2021 boris runakov
-# SPDX-FileCopyrightText: 2022 Didier 'OdyX' Raboud
-# SPDX-FileCopyrightText: 2022 Marko Weltzer
-# SPDX-FileCopyrightText: 2022 Nikita Chernyi
-# SPDX-FileCopyrightText: 2023 Samuel Meenzen
-# SPDX-FileCopyrightText: 2024 Fabio Bonelli
-# SPDX-FileCopyrightText: 2024 Suguru Hirahara
-#
-# SPDX-License-Identifier: AGPL-3.0-or-later
-
---
-# matrix-appservice-slack is a Matrix <-> Slack bridge
-# Project source code URL: https://github.com/matrix-org/matrix-appservice-slack
-
-matrix_appservice_slack_enabled: true
-
-matrix_appservice_slack_scheme: https
-matrix_appservice_slack_hostname: ''
-matrix_appservice_slack_path_prefix: /appservice-slack
-
-matrix_appservice_slack_container_image_self_build: false
-matrix_appservice_slack_docker_repo: "https://github.com/matrix-org/matrix-appservice-slack.git"
-matrix_appservice_slack_docker_repo_version: "{{ 'master' if matrix_appservice_slack_version == 'latest' else matrix_appservice_slack_version }}"
-matrix_appservice_slack_docker_src_files_path: "{{ matrix_base_data_path }}/appservice-slack/docker-src"
-
-# matrix_appservice_slack_version used to contain the full Docker image tag (e.g. `release-X.X.X`).
-# It's a bare version number now. We try to somewhat retain compatibility below.
-# renovate: datasource=docker depName=docker.io/matrixdotorg/matrix-appservice-slack
-matrix_appservice_slack_version: 2.1.2
-matrix_appservice_slack_docker_image: "{{ matrix_appservice_slack_docker_image_registry_prefix }}matrixdotorg/matrix-appservice-slack:{{ matrix_appservice_slack_docker_image_tag }}"
-matrix_appservice_slack_docker_image_registry_prefix: "{{ 'localhost/' if matrix_appservice_slack_container_image_self_build else matrix_appservice_slack_docker_image_registry_prefix_upstream }}"
-matrix_appservice_slack_docker_image_registry_prefix_upstream: "{{ matrix_appservice_slack_docker_image_registry_prefix_upstream_default }}"
-matrix_appservice_slack_docker_image_registry_prefix_upstream_default: "docker.io/"
-matrix_appservice_slack_docker_image_tag: "{{ 'latest' if matrix_appservice_slack_version == 'latest' else ('release-' + matrix_appservice_slack_version) }}"
-matrix_appservice_slack_docker_image_force_pull: "{{ matrix_appservice_slack_docker_image.endswith(':latest') }}"
-
-matrix_appservice_slack_base_path: "{{ matrix_base_data_path }}/appservice-slack"
-matrix_appservice_slack_config_path: "{{ matrix_appservice_slack_base_path }}/config"
-matrix_appservice_slack_data_path: "{{ matrix_appservice_slack_base_path }}/data"
-
-matrix_appservice_slack_public_endpoint: "{{ matrix_appservice_slack_path_prefix }}"
-matrix_appservice_slack_inbound_uri_prefix: "{{ matrix_appservice_slack_scheme }}://{{ matrix_appservice_slack_hostname }}{{ matrix_appservice_slack_public_endpoint }}"
-
-# Once you make a control room in Matrix, you can get its ID by typing any message and checking its source
-matrix_appservice_slack_control_room_id: ''
-matrix_appservice_slack_bot_name: 'slackbot'
-matrix_appservice_slack_user_prefix: 'slack_'
-
-# Controls the SLACK_PORT and MATRIX_PORT of the installation
-matrix_appservice_slack_matrix_port: 9004
-matrix_appservice_slack_slack_port: 9003
-
-# Controls whether the appservice-slack container exposes its HTTP port (tcp/9003 in the container).
-#
-# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:9999"), or empty string to not expose.
-matrix_appservice_slack_container_http_host_bind_port: ''
-
-matrix_appservice_slack_container_network: ""
-
-matrix_appservice_slack_container_additional_networks: "{{ matrix_appservice_slack_container_additional_networks_auto + matrix_appservice_slack_container_additional_networks_custom }}"
-matrix_appservice_slack_container_additional_networks_auto: []
-matrix_appservice_slack_container_additional_networks_custom: []
-
-# matrix_appservice_slack_container_labels_traefik_enabled controls whether labels to assist a Traefik reverse-proxy will be attached to the container.
-# See `../templates/labels.j2` for details.
-#
-# To inject your own other container labels, see `matrix_appservice_slack_container_labels_additional_labels`.
-matrix_appservice_slack_container_labels_traefik_enabled: true
-matrix_appservice_slack_container_labels_traefik_docker_network: "{{ matrix_appservice_slack_container_network }}"
-matrix_appservice_slack_container_labels_traefik_entrypoints: web-secure
-matrix_appservice_slack_container_labels_traefik_tls_certResolver: default  # noqa var-naming
-
-# Controls whether labels will be added that expose matrix-appservice-slack's public endpoints
-matrix_appservice_slack_container_labels_public_endpoint_enabled: true
-matrix_appservice_slack_container_labels_public_endpoint_hostname: "{{ matrix_appservice_slack_hostname }}"
-matrix_appservice_slack_container_labels_public_endpoint_prefix: "{{ matrix_appservice_slack_path_prefix }}"
-matrix_appservice_slack_container_labels_public_endpoint_traefik_rule: "Host(`{{ matrix_appservice_slack_container_labels_public_endpoint_hostname }}`) && PathPrefix(`{{ matrix_appservice_slack_path_prefix }}`)"
-matrix_appservice_slack_container_labels_public_endpoint_traefik_priority: 0
-matrix_appservice_slack_container_labels_public_endpoint_traefik_entrypoints: "{{ matrix_appservice_slack_container_labels_traefik_entrypoints }}"
-matrix_appservice_slack_container_labels_public_endpoint_traefik_tls: "{{ matrix_appservice_slack_container_labels_public_endpoint_traefik_entrypoints != 'web' }}"
-matrix_appservice_slack_container_labels_public_endpoint_traefik_tls_certResolver: "{{ matrix_appservice_slack_container_labels_traefik_tls_certResolver }}"  # noqa var-naming
-
-# matrix_appservice_slack_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file.
-# See `../templates/labels.j2` for details.
-#
-# Example:
-# matrix_appservice_slack_container_labels_additional_labels: |
-#   my.label=1
-#   another.label="here"
-matrix_appservice_slack_container_labels_additional_labels: ''
-
-# A list of extra arguments to pass to the container
-matrix_appservice_slack_container_extra_arguments: []
-
-# List of systemd services that matrix-appservice-slack.service depends on.
-matrix_appservice_slack_systemd_required_services_list: "{{ matrix_appservice_slack_systemd_required_services_list_default + matrix_appservice_slack_systemd_required_services_list_auto + matrix_appservice_slack_systemd_required_services_list_custom }}"
-matrix_appservice_slack_systemd_required_services_list_default: "{{ [devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else [] }}"
-matrix_appservice_slack_systemd_required_services_list_auto: []
-matrix_appservice_slack_systemd_required_services_list_custom: []
-
-# List of systemd services that matrix-appservice-slack.service wants
-matrix_appservice_slack_systemd_wanted_services_list: []
-
-matrix_appservice_slack_homeserver_media_url: "{{ matrix_server_fqn_matrix }}"
-matrix_appservice_slack_homeserver_url: ""
-matrix_appservice_slack_homeserver_domain: "{{ matrix_domain }}"
-matrix_appservice_slack_appservice_url: 'http://matrix-appservice-slack'
-
-matrix_appservice_slack_appservice_token: ''
-matrix_appservice_slack_homeserver_token: ''
-matrix_appservice_slack_id_token: ''
-
-matrix_appservice_slack_database_engine: nedb
-matrix_appservice_slack_database_username: matrix_appservice_slack
-matrix_appservice_slack_database_password: 'some-passsword'
-matrix_appservice_slack_database_hostname: ''
-matrix_appservice_slack_database_port: 5432
-matrix_appservice_slack_database_name: matrix_appservice_slack
-matrix_appservice_slack_database_sslmode: disable
-
-matrix_appservice_slack_puppeting_enabled: false
-matrix_appservice_slack_puppeting_slackapp_client_id: ''
-matrix_appservice_slack_puppeting_slackapp_client_secret: ''
-matrix_appservice_slack_puppeting_onboard_users: true
-
-matrix_appservice_slack_team_sync_enabled: false
-matrix_appservice_slack_team_sync_alias_prefix: 'slack_'
-
-# The name of the container network to use when importing a NeDB database into Postgres.
-# For Postgres not working in a container, this can be left empty.
-matrix_appservice_slack_database_container_network: ''
-
-# This is just the Postgres connection string, if Postgres is used.
-# Naming clashes with `matrix_appservice_slack_database_connectionString` somewhat.
-matrix_appservice_slack_database_connection_string: 'postgresql://{{ matrix_appservice_slack_database_username }}:{{ matrix_appservice_slack_database_password }}@{{ matrix_appservice_slack_database_hostname }}:{{ matrix_appservice_slack_database_port }}/{{ matrix_appservice_slack_database_name }}?sslmode={{ matrix_appservice_slack_database_sslmode }}'
-
-# This is what actually goes into `database.connectionString` for the bridge.
-matrix_appservice_slack_database_connectionString: |-  # noqa var-naming
-  {{
-    {
-      'nedb': 'nedb:///data',
-      'postgres': matrix_appservice_slack_database_connection_string,
-    }[matrix_appservice_slack_database_engine]
-  }}
-
-
-matrix_appservice_slack_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
-
-matrix_appservice_slack_configuration_extension_yaml: |
-    #slack_hook_port: 9898
-    #inbound_uri_prefix: "https://my.server.here:9898/"
-    #bot_username: "slackbot"
-    #username_prefix: "slack_"
-    # Optional
-    #slack_master_token: "abc-123-def"
-    # Optional
-    #matrix_admin_room: "!qporfwt:example.com"
-    #homeserver:
-    #    url: http://localhost:{{ matrix_synapse_container_client_api_port }}
-    #    server_name: my.server
-    # Optional
-    #tls:
-    #    key_file: /path/to/tls.key
-    #    crt_file: /path/to/tls.crt
-    #logging:
-    #    console: "info"
-    #    files:
-    #    - "./debug.log": "info"
-    #    - "./error.log": "error"
-
-matrix_appservice_slack_configuration_extension: "{{ matrix_appservice_slack_configuration_extension_yaml | from_yaml if matrix_appservice_slack_configuration_extension_yaml | from_yaml else {} }}"
-
-matrix_appservice_slack_configuration: "{{ matrix_appservice_slack_configuration_yaml | from_yaml | combine(matrix_appservice_slack_configuration_extension, recursive=True) }}"
-
-matrix_appservice_slack_registration_yaml: |
-  id: "{{ matrix_appservice_slack_id_token }}"
-  as_token: "{{ matrix_appservice_slack_appservice_token }}"
-  hs_token: "{{ matrix_appservice_slack_homeserver_token }}"
-  namespaces:
-    users:
-    - exclusive: true
-      regex: '@{{ matrix_appservice_slack_user_prefix }}.*'
-    aliases:
-    - exclusive: false
-      regex: '#{{ matrix_appservice_slack_user_prefix }}.*'
-    rooms: []
-  url: "{{ matrix_appservice_slack_appservice_url }}:{{ matrix_appservice_slack_matrix_port }}"
-  sender_localpart: slackbot
-  rate_limited: true
-  protocols: null
-
-matrix_appservice_slack_registration: "{{ matrix_appservice_slack_registration_yaml | from_yaml }}"
-
-# matrix_appservice_slack_restart_necessary controls whether the service
-# will be restarted (when true) or merely started (when false) by the
-# systemd service manager role (when conditional restart is enabled).
-#
-# This value is automatically computed during installation based on whether
-# any configuration files, the systemd service file, or the container image changed.
-# The default of `false` means "no restart needed" — appropriate when the role's
-# installation tasks haven't run (e.g., due to --tags skipping them).
-matrix_appservice_slack_restart_necessary: false
--- a/roles/custom/matrix-bridge-appservice-slack/tasks/main.yml
+++ b/roles/custom/matrix-bridge-appservice-slack/tasks/main.yml
@@ -1,26 +0,0 @@
-# SPDX-FileCopyrightText: 2019 - 2024 Slavi Pantaleev
-# SPDX-FileCopyrightText: 2019 MDAD project contributors
-# SPDX-FileCopyrightText: 2022 Marko Weltzer
-#
-# SPDX-License-Identifier: AGPL-3.0-or-later
-
---
-
- tags:
-    - setup-all
-    - setup-appservice-slack
-    - install-all
-    - install-appservice-slack
-  block:
-    - when: matrix_appservice_slack_enabled | bool
-      ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
-
-    - when: matrix_appservice_slack_enabled | bool
-      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
-
- tags:
-    - setup-all
-    - setup-appservice-slack
-  block:
-    - when: not matrix_appservice_slack_enabled | bool
-      ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
--- a/roles/custom/matrix-bridge-appservice-slack/tasks/migrate_nedb_to_postgres.yml
+++ b/roles/custom/matrix-bridge-appservice-slack/tasks/migrate_nedb_to_postgres.yml
@@ -1,80 +0,0 @@
-# SPDX-FileCopyrightText: 2020 - 2024 Slavi Pantaleev
-# SPDX-FileCopyrightText: 2022 Marko Weltzer
-# SPDX-FileCopyrightText: 2024 Suguru Hirahara
-#
-# SPDX-License-Identifier: AGPL-3.0-or-later
-
---
-
- name: Fail if Postgres not enabled
-  ansible.builtin.fail:
-    msg: "Postgres via ansible-role-postgres role is not enabled (`postgres_enabled`). Cannot migrate."
-  when: "not postgres_enabled | bool"
-
-# Defaults
-
- name: Set postgres_start_wait_time, if not provided
-  ansible.builtin.set_fact:
-    postgres_start_wait_time: 15
-  when: "postgres_start_wait_time | default('') == ''"
-
-# Actual import work
-
- name: Ensure Postgres is started
-  ansible.builtin.service:
-    name: "{{ postgres_identifier }}"
-    state: started
-    daemon_reload: true
-  register: postgres_service_start_result
-
- name: Wait a bit, so that Postgres can start
-  ansible.builtin.wait_for:
-    timeout: "{{ postgres_start_wait_time }}"
-  delegate_to: 127.0.0.1
-  become: false
-  when: "postgres_service_start_result.changed | bool"
-
- name: Ensure matrix-appservice-slack is stopped
-  ansible.builtin.service:
-    name: matrix-appservice-slack
-    state: stopped
-
- name: Import appservice-slack NeDB database into Postgres
-  ansible.builtin.command:
-    cmd: >-
-      {{ devture_systemd_docker_base_host_command_docker }} run
-      --rm
-      --user={{ matrix_user_uid }}:{{ matrix_user_gid }}
-      --cap-drop=ALL
-      {% if matrix_appservice_slack_database_container_network %}
-      --network={{ matrix_appservice_irc_database_container_network }}
-      {% endif %}
-      --mount type=bind,src={{ matrix_appservice_slack_data_path }},dst=/data
-      --entrypoint=/bin/sh
-      {{ matrix_appservice_slack_docker_image }}
-      -c
-      '/usr/local/bin/node /usr/src/app/lib/scripts/migrateToPostgres.js --dbdir /data --connectionString {{ matrix_appservice_slack_database_connection_string }}'
-  register: matrix_appservice_slack_import_nedb_to_postgres_result
-  changed_when: matrix_appservice_slack_import_nedb_to_postgres_result.rc == 0
-
- name: Archive NeDB database files
-  ansible.builtin.command:
-    cmd: "mv {{ matrix_appservice_slack_data_path }}/{{ item }} {{ matrix_appservice_slack_data_path }}/{{ item }}.backup"
-  register: matrix_appservice_slack_import_nedb_to_postgres_move_result
-  changed_when: matrix_appservice_slack_import_nedb_to_postgres_move_result.rc == 0
-  with_items:
-    - teams.db
-    - room-store.db
-    - user-store.db
-    - event-store.db
-
- name: Inject result
-  ansible.builtin.set_fact:
-    devture_playbook_runtime_messages_list: |
-      {{
-        devture_playbook_runtime_messages_list | default([])
-        +
-        [
-          "Note: Your appservice-slack database files have been imported into Postgres. The original database files have been moved from `" + matrix_appservice_slack_data_path + "/*.db` to `" + matrix_appservice_slack_data_path + "/*.db.backup`. When you've confirmed that the import went well and everything works, you should be able to safely delete these files."
-        ]
-      }}
--- a/roles/custom/matrix-bridge-appservice-slack/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-appservice-slack/tasks/setup_install.yml
@@ -1,141 +0,0 @@
-# SPDX-FileCopyrightText: 2019 - 2022 MDAD project contributors
-# SPDX-FileCopyrightText: 2019 - 2024 Slavi Pantaleev
-# SPDX-FileCopyrightText: 2020 Chris van Dijk
-# SPDX-FileCopyrightText: 2021 Panagiotis Georgiadis
-# SPDX-FileCopyrightText: 2022 Jim Myhrberg
-# SPDX-FileCopyrightText: 2022 Marko Weltzer
-# SPDX-FileCopyrightText: 2022 Nikita Chernyi
-# SPDX-FileCopyrightText: 2022 Sebastian Gumprich
-# SPDX-FileCopyrightText: 2024 David Mehren
-#
-# SPDX-License-Identifier: AGPL-3.0-or-later
-
---
-
- name: Ensure AppService Slack paths exist
-  ansible.builtin.file:
-    path: "{{ item.path }}"
-    state: directory
-    mode: 0750
-    owner: "{{ matrix_user_name }}"
-    group: "{{ matrix_group_name }}"
-  with_items:
-    - {path: "{{ matrix_appservice_slack_base_path }}", when: true}
-    - {path: "{{ matrix_appservice_slack_config_path }}", when: true}
-    - {path: "{{ matrix_appservice_slack_data_path }}", when: true}
-    - {path: "{{ matrix_appservice_slack_docker_src_files_path }}", when: "{{ matrix_appservice_slack_container_image_self_build }}"}
-  when: item.when | bool
-
- ansible.builtin.set_fact:
-    matrix_appservice_slack_migration_requires_restart: false
-
- when: "matrix_appservice_slack_database_engine == 'postgres'"
-  block:
-    - name: Check if a nedb database already exists
-      ansible.builtin.stat:
-        path: "{{ matrix_appservice_slack_data_path }}/teams.db"
-      register: matrix_appservice_slack_nedb_database_path_local_stat_result
-
-    - when: "matrix_appservice_slack_nedb_database_path_local_stat_result.stat.exists | bool"
-      block:
-        - ansible.builtin.include_tasks: "{{ role_path }}/tasks/migrate_nedb_to_postgres.yml"
-
-        - ansible.builtin.set_fact:
-            matrix_appservice_slack_migration_requires_restart: true
-
- name: Ensure Appservice Slack image is pulled
-  community.docker.docker_image:
-    name: "{{ matrix_appservice_slack_docker_image }}"
-    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
-    force_source: "{{ matrix_appservice_slack_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
-    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_slack_docker_image_force_pull }}"
-  when: "not matrix_appservice_slack_container_image_self_build | bool"
-  register: matrix_appservice_slack_container_image_pull_result
-  retries: "{{ devture_playbook_help_container_retries_count }}"
-  delay: "{{ devture_playbook_help_container_retries_delay }}"
-  until: matrix_appservice_slack_container_image_pull_result is not failed
-
- name: Ensure matrix-appservice-slack repository is present when self-building
-  ansible.builtin.git:
-    repo: "{{ matrix_appservice_slack_docker_repo }}"
-    version: "{{ matrix_appservice_slack_docker_repo_version }}"
-    dest: "{{ matrix_appservice_slack_docker_src_files_path }}"
-    force: "yes"
-  become: true
-  become_user: "{{ matrix_user_name }}"
-  register: matrix_appservice_slack_git_pull_results
-  when: "matrix_appservice_slack_container_image_self_build | bool"
-
- name: Ensure matrix-appservice-slack Docker image is built
-  community.docker.docker_image:
-    name: "{{ matrix_appservice_slack_docker_image }}"
-    source: build
-    force_source: "{{ matrix_appservice_slack_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
-    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_slack_git_pull_results.changed }}"
-    build:
-      dockerfile: Dockerfile
-      path: "{{ matrix_appservice_slack_docker_src_files_path }}"
-      pull: true
-  when: "matrix_appservice_slack_container_image_self_build | bool and matrix_appservice_slack_git_pull_results.changed"
-
- name: Ensure Matrix Appservice Slack config installed
-  ansible.builtin.copy:
-    content: "{{ matrix_appservice_slack_configuration | to_nice_yaml(indent=2, width=999999) }}"
-    dest: "{{ matrix_appservice_slack_config_path }}/config.yaml"
-    mode: 0644
-    owner: "{{ matrix_user_name }}"
-    group: "{{ matrix_group_name }}"
-  register: matrix_appservice_slack_config_result
-
- name: Ensure appservice-slack registration.yaml installed
-  ansible.builtin.copy:
-    content: "{{ matrix_appservice_slack_registration | to_nice_yaml(indent=2, width=999999) }}"
-    dest: "{{ matrix_appservice_slack_config_path }}/slack-registration.yaml"
-    mode: 0644
-    owner: "{{ matrix_user_name }}"
-    group: "{{ matrix_group_name }}"
-  register: matrix_appservice_slack_registration_result
-
- name: Ensure matrix-appservice-slack container network is created
-  community.general.docker_network:
-    enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
-    name: "{{ matrix_appservice_slack_container_network }}"
-    driver: bridge
-    driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
-
- name: Ensure matrix-appservice-slack support files installed
-  ansible.builtin.template:
-    src: "{{ role_path }}/templates/{{ item }}.j2"
-    dest: "{{ matrix_appservice_slack_base_path }}/{{ item }}"
-    mode: 0640
-    owner: "{{ matrix_user_name }}"
-    group: "{{ matrix_group_name }}"
-  with_items:
-    - labels
-  register: matrix_appservice_slack_support_files_result
-
- name: Ensure matrix-appservice-slack.service installed
-  ansible.builtin.template:
-    src: "{{ role_path }}/templates/systemd/matrix-appservice-slack.service.j2"
-    dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-slack.service"
-    mode: 0644
-  register: matrix_appservice_slack_systemd_service_result
-
- name: Determine whether matrix-appservice-slack needs a restart
-  ansible.builtin.set_fact:
-    matrix_appservice_slack_restart_necessary: >-
-      {{
-        matrix_appservice_slack_migration_requires_restart | default(false)
-        or matrix_appservice_slack_config_result.changed | default(false)
-        or matrix_appservice_slack_registration_result.changed | default(false)
-        or matrix_appservice_slack_support_files_result.changed | default(false)
-        or matrix_appservice_slack_systemd_service_result.changed | default(false)
-        or matrix_appservice_slack_container_image_pull_result.changed | default(false)
-      }}
-
- name: Ensure matrix-appservice-slack.service restarted, if necessary
-  ansible.builtin.service:
-    name: "matrix-appservice-slack.service"
-    state: restarted
-    daemon_reload: true
-  when: "matrix_appservice_slack_migration_requires_restart | bool"
--- a/roles/custom/matrix-bridge-appservice-slack/tasks/setup_uninstall.yml
+++ b/roles/custom/matrix-bridge-appservice-slack/tasks/setup_uninstall.yml
@@ -1,26 +0,0 @@
-# SPDX-FileCopyrightText: 2019 - 2020 MDAD project contributors
-# SPDX-FileCopyrightText: 2021 - 2022 Slavi Pantaleev
-# SPDX-FileCopyrightText: 2022 Marko Weltzer
-#
-# SPDX-License-Identifier: AGPL-3.0-or-later
-
---
-
- name: Check existence of matrix-appservice-slack service
-  ansible.builtin.stat:
-    path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-slack.service"
-  register: matrix_appservice_slack_service_stat
-
- when: matrix_appservice_slack_service_stat.stat.exists | bool
-  block:
-    - name: Ensure matrix-appservice-slack is stopped
-      ansible.builtin.service:
-        name: matrix-appservice-slack
-        state: stopped
-        enabled: false
-        daemon_reload: true
-
-    - name: Ensure matrix-appservice-slack.service doesn't exist
-      ansible.builtin.file:
-        path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-appservice-slack.service"
-        state: absent
--- a/roles/custom/matrix-bridge-appservice-slack/tasks/validate_config.yml
+++ b/roles/custom/matrix-bridge-appservice-slack/tasks/validate_config.yml
@@ -1,33 +0,0 @@
-# SPDX-FileCopyrightText: 2019 - 2022 MDAD project contributors
-# SPDX-FileCopyrightText: 2019 - 2024 Slavi Pantaleev
-# SPDX-FileCopyrightText: 2021 boris runakov
-# SPDX-FileCopyrightText: 2025 Suguru Hirahara
-#
-# SPDX-License-Identifier: AGPL-3.0-or-later
-
---
-
- name: Fail if required appservice-slack settings not defined
-  ansible.builtin.fail:
-    msg: >-
-      You need to define a required configuration setting (`{{ item.name }}`).
-  when: "item.when | bool and lookup('vars', item.name, default='') | string | length == 0"
-  with_items:
-    - {'name': 'matrix_appservice_slack_control_room_id', when: true}
-    - {'name': 'matrix_appservice_slack_appservice_token', when: true}
-    - {'name': 'matrix_appservice_slack_homeserver_url', when: true}
-    - {'name': 'matrix_appservice_slack_homeserver_token', when: true}
-    - {'name': 'matrix_appservice_slack_id_token', when: true}
-    - {'name': 'matrix_appservice_slack_database_hostname', when: "{{ matrix_appservice_slack_database_engine == 'postgres' }}"}
-    - {'name': 'matrix_appservice_slack_container_network', when: true}
-    - {'name': 'matrix_appservice_slack_hostname', when: true}
-    - {'name': 'matrix_appservice_slack_path_prefix', when: true}
-
- name: (Deprecation) Catch and report renamed settings
-  ansible.builtin.fail:
-    msg: >-
-      Your configuration contains a variable, which now has a different name.
-      Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
-  when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0"
-  with_items:
-    - {'old': 'matrix_appservice_slack_container_self_build', 'new': 'matrix_appservice_slack_container_image_self_build'}
--- a/roles/custom/matrix-bridge-appservice-slack/templates/config.yaml.j2
+++ b/roles/custom/matrix-bridge-appservice-slack/templates/config.yaml.j2
@@ -1,55 +0,0 @@
-#jinja2: lstrip_blocks: True
-slack_hook_port: {{ matrix_appservice_slack_slack_port }}
-inbound_uri_prefix: "{{ matrix_appservice_slack_inbound_uri_prefix }}"
-bot_username: "{{ matrix_appservice_slack_bot_name }}"
-username_prefix: {{ matrix_appservice_slack_user_prefix }}
-
-homeserver:
-    server_name: "{{ matrix_domain }}"
-    url: "{{ matrix_appservice_slack_homeserver_url }}"
-    media_url: "{{ matrix_appservice_slack_homeserver_media_url }}"
-
-# Real Time Messaging API (RTM)
-# Optional if slack_hook_port and inbound_uri_prefix are defined, required otherwise.
-#
-rtm:
-  # Use the RTM API to listen for requests, which does not require
-  # the bridge to listen on the hook port.
-  # You should leave this enabled, unless you plan to use the
-  # bridge exclusively for webhooks.
-  #
-  enable: true
-
-  # Logging level specific to RTM traffic.
-  #
-  log_level: "silent"
-
-{% if matrix_appservice_slack_puppeting_enabled %}
-puppeting:
-  enabled: true
-  onboard_users: {{ matrix_appservice_slack_puppeting_onboard_users | to_json }}
-
-oauth2:
-  client_id: {{ matrix_appservice_slack_puppeting_slackapp_client_id | to_json }}
-  client_secret: {{ matrix_appservice_slack_puppeting_slackapp_client_secret | to_json }}
-{% endif %}
-
-{% if matrix_appservice_slack_team_sync_enabled %}
-team_sync:
-  all:
-    channels:
-      enabled: true
-      alias_prefix: {{ matrix_appservice_slack_team_sync_alias_prefix | to_json }}
-    users:
-      enabled: true
-{% endif %}
-
-{% if matrix_appservice_slack_database_engine == 'nedb' %}
-dbdir: "/data"
-{% else %}
-db:
-    engine: {{ matrix_appservice_slack_database_engine|to_json }}
-    connectionString: {{ matrix_appservice_slack_database_connectionString|to_json }}
-{% endif %}
-
-matrix_admin_room: "{{ matrix_appservice_slack_control_room_id }}"
--- a/roles/custom/matrix-bridge-appservice-slack/templates/config.yaml.j2.license
+++ b/roles/custom/matrix-bridge-appservice-slack/templates/config.yaml.j2.license
@@ -1,6 +0,0 @@
-SPDX-FileCopyrightText: 2020 - 2022 MDAD project contributors
-SPDX-FileCopyrightText: 2020 - 2024 Slavi Pantaleev
-SPDX-FileCopyrightText: 2022 Didier 'OdyX' Raboud
-SPDX-FileCopyrightText: 2024 Fabio Bonelli
-
-SPDX-License-Identifier: AGPL-3.0-or-later
--- a/roles/custom/matrix-bridge-appservice-slack/templates/labels.j2
+++ b/roles/custom/matrix-bridge-appservice-slack/templates/labels.j2
@@ -1,47 +0,0 @@
-{#
-SPDX-FileCopyrightText: 2024 Slavi Pantaleev
-
-SPDX-License-Identifier: AGPL-3.0-or-later
-#}
-
-{% if matrix_appservice_slack_container_labels_traefik_enabled %}
-traefik.enable=true
-
-{% if matrix_appservice_slack_container_labels_traefik_docker_network %}
-traefik.docker.network={{ matrix_appservice_slack_container_labels_traefik_docker_network }}
-{% endif %}
-
-traefik.http.services.matrix-appservice-slack.loadbalancer.server.port={{ matrix_appservice_slack_slack_port }}
-
-{% if matrix_appservice_slack_container_labels_public_endpoint_enabled %}
-############################################################
-#                                                          #
-# Public                                                   #
-#                                                          #
-############################################################
-
-traefik.http.routers.matrix-appservice-slack-public.rule={{ matrix_appservice_slack_container_labels_public_endpoint_traefik_rule }}
-
-{% if matrix_appservice_slack_container_labels_public_endpoint_traefik_priority | int > 0 %}
-traefik.http.routers.matrix-appservice-slack-public.priority={{ matrix_appservice_slack_container_labels_public_endpoint_traefik_priority }}
-{% endif %}
-
-traefik.http.routers.matrix-appservice-slack-public.service=matrix-appservice-slack
-traefik.http.routers.matrix-appservice-slack-public.entrypoints={{ matrix_appservice_slack_container_labels_public_endpoint_traefik_entrypoints }}
-
-traefik.http.routers.matrix-appservice-slack-public.tls={{ matrix_appservice_slack_container_labels_public_endpoint_traefik_tls | to_json }}
-{% if matrix_appservice_slack_container_labels_public_endpoint_traefik_tls %}
-traefik.http.routers.matrix-appservice-slack-public.tls.certResolver={{ matrix_appservice_slack_container_labels_public_endpoint_traefik_tls_certResolver }}
-{% endif %}
-
-############################################################
-#                                                          #
-# /Public                                                  #
-#                                                          #
-############################################################
-{% endif %}
-
-
-{% endif %}
-
-{{ matrix_appservice_slack_container_labels_additional_labels }}
--- a/roles/custom/matrix-bridge-appservice-slack/templates/systemd/matrix-appservice-slack.service.j2
+++ b/roles/custom/matrix-bridge-appservice-slack/templates/systemd/matrix-appservice-slack.service.j2
@@ -1,51 +0,0 @@
-#jinja2: lstrip_blocks: True
-[Unit]
-Description=Matrix Appservice Slack bridge
-{% for service in matrix_appservice_slack_systemd_required_services_list %}
-Requires={{ service }}
-After={{ service }}
-{% endfor %}
-{% for service in matrix_appservice_slack_systemd_wanted_services_list %}
-Wants={{ service }}
-{% endfor %}
-DefaultDependencies=no
-
-[Service]
-Type=simple
-Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
-ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop -t {{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-appservice-slack 2>/dev/null || true'
-ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-appservice-slack 2>/dev/null || true'
-
-ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
-			--rm \
-			--name=matrix-appservice-slack \
-			--log-driver=none \
-			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
-			--cap-drop=ALL \
-			--network={{ matrix_appservice_slack_container_network }} \
-			{% if matrix_appservice_slack_container_http_host_bind_port %}
-			-p {{ matrix_appservice_slack_container_http_host_bind_port }}:{{matrix_appservice_slack_slack_port}} \
-			{% endif %}
-			--mount type=bind,src={{ matrix_appservice_slack_config_path }},dst=/config \
-			--mount type=bind,src={{ matrix_appservice_slack_data_path }},dst=/data \
-			--label-file={{ matrix_appservice_slack_base_path }}/labels \
-			{% for arg in matrix_appservice_slack_container_extra_arguments %}
-			{{ arg }} \
-			{% endfor %}
-			{{ matrix_appservice_slack_docker_image }} \
-			node app.js -p {{matrix_appservice_slack_matrix_port}} -c /config/config.yaml -f /config/slack-registration.yaml
-
-{% for network in matrix_appservice_slack_container_additional_networks %}
-ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-appservice-slack
-{% endfor %}
-
-ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-appservice-slack
-
-ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop -t {{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-appservice-slack 2>/dev/null || true'
-ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-appservice-slack 2>/dev/null || true'
-Restart=always
-RestartSec=30
-SyslogIdentifier=matrix-appservice-slack
-
-[Install]
-WantedBy=multi-user.target
--- a/roles/custom/matrix-bridge-appservice-slack/templates/systemd/matrix-appservice-slack.service.j2.license
+++ b/roles/custom/matrix-bridge-appservice-slack/templates/systemd/matrix-appservice-slack.service.j2.license
@@ -1,6 +0,0 @@
-SPDX-FileCopyrightText: 2019 MDAD project contributors
-SPDX-FileCopyrightText: 2020 - 2025 Slavi Pantaleev
-SPDX-FileCopyrightText: 2020 Chris van Dijk
-SPDX-FileCopyrightText: 2020 Scott Crossen
-
-SPDX-License-Identifier: AGPL-3.0-or-later
--- a/roles/custom/matrix-bridge-beeper-linkedin/defaults/main.yml
+++ b/roles/custom/matrix-bridge-beeper-linkedin/defaults/main.yml
@@ -19,12 +19,12 @@ matrix_beeper_linkedin_enabled: true
 matrix_beeper_linkedin_version: latest

 # See: https://github.com/beeper/linkedin/pkgs/container/linkedin
-matrix_beeper_linkedin_docker_image: "{{ matrix_beeper_linkedin_docker_image_registry_prefix }}beeper/linkedin:{{ matrix_beeper_linkedin_docker_image_tag }}"
-matrix_beeper_linkedin_docker_image_force_pull: "{{ matrix_beeper_linkedin_docker_image_tag.startswith('latest') }}"
-matrix_beeper_linkedin_docker_image_registry_prefix: "{{ 'localhost/' if matrix_beeper_linkedin_container_image_self_build else matrix_beeper_linkedin_docker_image_registry_prefix_upstream }}"
-matrix_beeper_linkedin_docker_image_registry_prefix_upstream: "{{ matrix_beeper_linkedin_docker_image_registry_prefix_upstream_default }}"
-matrix_beeper_linkedin_docker_image_registry_prefix_upstream_default: "ghcr.io/"
-matrix_beeper_linkedin_docker_image_tag: "{{ 'latest' if matrix_beeper_linkedin_version == 'master' else matrix_beeper_linkedin_version }}"
+matrix_beeper_linkedin_container_image: "{{ matrix_beeper_linkedin_container_image_registry_prefix }}beeper/linkedin:{{ matrix_beeper_linkedin_container_image_tag }}"
+matrix_beeper_linkedin_container_image_force_pull: "{{ matrix_beeper_linkedin_container_image_tag.startswith('latest') }}"
+matrix_beeper_linkedin_container_image_registry_prefix: "{{ 'localhost/' if matrix_beeper_linkedin_container_image_self_build else matrix_beeper_linkedin_container_image_registry_prefix_upstream }}"
+matrix_beeper_linkedin_container_image_registry_prefix_upstream: "{{ matrix_beeper_linkedin_container_image_registry_prefix_upstream_default }}"
+matrix_beeper_linkedin_container_image_registry_prefix_upstream_default: "ghcr.io/"
+matrix_beeper_linkedin_container_image_tag: "{{ 'latest' if matrix_beeper_linkedin_version == 'master' else matrix_beeper_linkedin_version }}"

 matrix_beeper_linkedin_container_image_self_build: false
 matrix_beeper_linkedin_container_image_self_build_repo: "https://github.com/beeper/linkedin"
@@ -33,7 +33,7 @@ matrix_beeper_linkedin_container_image_self_build_branch: "{{ 'master' if matrix
 matrix_beeper_linkedin_base_path: "{{ matrix_base_data_path }}/beeper-linkedin"
 matrix_beeper_linkedin_config_path: "{{ matrix_beeper_linkedin_base_path }}/config"
 matrix_beeper_linkedin_data_path: "{{ matrix_beeper_linkedin_base_path }}/data"
-matrix_beeper_linkedin_docker_src_files_path: "{{ matrix_beeper_linkedin_base_path }}/docker-src"
+matrix_beeper_linkedin_container_src_files_path: "{{ matrix_beeper_linkedin_base_path }}/docker-src"

 matrix_beeper_linkedin_homeserver_address: ""
 matrix_beeper_linkedin_homeserver_domain: "{{ matrix_domain }}"
--- a/roles/custom/matrix-bridge-beeper-linkedin/tasks/setup_install.yml
+++ b/roles/custom/matrix-bridge-beeper-linkedin/tasks/setup_install.yml
@@ -15,21 +15,21 @@
  ansible.builtin.file:
    path: "{{ item.path }}"
    state: directory
-    mode: 0750
+    mode: '0750'
    owner: "{{ matrix_user_name }}"
    group: "{{ matrix_group_name }}"
  with_items:
    - {path: "{{ matrix_beeper_linkedin_base_path }}", when: true}
    - {path: "{{ matrix_beeper_linkedin_config_path }}", when: true}
    - {path: "{{ matrix_beeper_linkedin_data_path }}", when: true}
-    - {path: "{{ matrix_beeper_linkedin_docker_src_files_path }}", when: "{{ matrix_beeper_linkedin_container_image_self_build }}"}
+    - {path: "{{ matrix_beeper_linkedin_container_src_files_path }}", when: "{{ matrix_beeper_linkedin_container_image_self_build }}"}
  when: "item.when | bool"

 - name: Ensure beeper-linkedin config.yaml installed
  ansible.builtin.copy:
    content: "{{ matrix_beeper_linkedin_configuration | to_nice_yaml(indent=2, width=999999) }}"
    dest: "{{ matrix_beeper_linkedin_config_path }}/config.yaml"
-    mode: 0644
+    mode: '0644'
    owner: "{{ matrix_user_name }}"
    group: "{{ matrix_group_name }}"
  register: matrix_beeper_linkedin_config_result
@@ -38,17 +38,17 @@
  ansible.builtin.copy:
    content: "{{ matrix_beeper_linkedin_registration | to_nice_yaml(indent=2, width=999999) }}"
    dest: "{{ matrix_beeper_linkedin_config_path }}/registration.yaml"
-    mode: 0644
+    mode: '0644'
    owner: "{{ matrix_user_name }}"
    group: "{{ matrix_group_name }}"
  register: matrix_beeper_linkedin_registration_result

 - name: Ensure Beeper LinkedIn container image is pulled
  community.docker.docker_image:
-    name: "{{ matrix_beeper_linkedin_docker_image }}"
+    name: "{{ matrix_beeper_linkedin_container_image }}"
    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
-    force_source: "{{ matrix_beeper_linkedin_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
-    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_beeper_linkedin_docker_image_force_pull }}"
+    force_source: "{{ matrix_beeper_linkedin_container_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_beeper_linkedin_container_image_force_pull }}"
  when: "not matrix_beeper_linkedin_container_image_self_build | bool"
  register: matrix_beeper_linkedin_container_image_pull_result
  retries: "{{ devture_playbook_help_container_retries_count }}"
@@ -60,7 +60,7 @@
    - name: Ensure Beeper LinkedIn repository is present on self-build
      ansible.builtin.git:
        repo: "{{ matrix_beeper_linkedin_container_image_self_build_repo }}"
-        dest: "{{ matrix_beeper_linkedin_docker_src_files_path }}"
+        dest: "{{ matrix_beeper_linkedin_container_src_files_path }}"
        version: "{{ matrix_beeper_linkedin_container_image_self_build_branch }}"
        force: "yes"
      become: true
@@ -75,7 +75,7 @@
          {{ devture_systemd_docker_base_host_command_docker }} run
          --rm
          --entrypoint=/bin/sh
-          --mount type=bind,src={{ matrix_beeper_linkedin_docker_src_files_path }},dst=/work
+          --mount type=bind,src={{ matrix_beeper_linkedin_container_src_files_path }},dst=/work
          -w /work
          docker.io/python:3.9.6-buster
          -c "pip install poetry && poetry export --without-hashes -E e2be -E images -E metrics | sed 's/==.*//g' > docker-requirements.txt"
@@ -84,13 +84,13 @@

    - name: Ensure Beeper LinkedIn container image is built
      community.docker.docker_image:
-        name: "{{ matrix_beeper_linkedin_docker_image }}"
+        name: "{{ matrix_beeper_linkedin_container_image }}"
        source: build
        force_source: "{{ matrix_beeper_linkedin_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
        force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_beeper_linkedin_git_pull_results.changed }}"
        build:
          dockerfile: Dockerfile
-          path: "{{ matrix_beeper_linkedin_docker_src_files_path }}"
+          path: "{{ matrix_beeper_linkedin_container_src_files_path }}"
          pull: true
          args:
            TARGETARCH: "{{ matrix_architecture }}"
@@ -106,7 +106,7 @@
  ansible.builtin.template:
    src: "{{ role_path }}/templates/systemd/matrix-beeper-linkedin.service.j2"
    dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-beeper-linkedin.service"
-    mode: 0644
+    mode: '0644'
  register: matrix_beeper_linkedin_systemd_service_result

 - name: Determine whether matrix-beeper-linkedin needs a restart
--- a/roles/custom/matrix-bridge-beeper-linkedin/tasks/validate_config.yml
+++ b/roles/custom/matrix-bridge-beeper-linkedin/tasks/validate_config.yml
@@ -7,6 +7,23 @@

 ---

+- name: (Deprecation) Catch and report renamed beeper-linkedin settings
+  ansible.builtin.fail:
+    msg: >-
+      Your configuration contains a variable, which now has a different name.
+      Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
+  when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0"
+  with_items:
+    - {'old': 'matrix_beeper_linkedin_login_shared_secret', 'new': '<superseded by matrix_beeper_linkedin_bridge_login_shared_secret_map_*>'}
+    - {'old': 'matrix_beeper_linkedin_docker_image_name_prefix', 'new': 'matrix_beeper_linkedin_container_image_registry_prefix'}
+    - {'old': 'matrix_beeper_linkedin_docker_image', 'new': 'matrix_beeper_linkedin_container_image'}
+    - {'old': 'matrix_beeper_linkedin_docker_image_force_pull', 'new': 'matrix_beeper_linkedin_container_image_force_pull'}
+    - {'old': 'matrix_beeper_linkedin_docker_image_registry_prefix', 'new': 'matrix_beeper_linkedin_container_image_registry_prefix'}
+    - {'old': 'matrix_beeper_linkedin_docker_image_registry_prefix_upstream', 'new': 'matrix_beeper_linkedin_container_image_registry_prefix_upstream'}
+    - {'old': 'matrix_beeper_linkedin_docker_image_registry_prefix_upstream_default', 'new': 'matrix_beeper_linkedin_container_image_registry_prefix_upstream_default'}
+    - {'old': 'matrix_beeper_linkedin_docker_image_tag', 'new': 'matrix_beeper_linkedin_container_image_tag'}
+    - {'old': 'matrix_beeper_linkedin_docker_src_files_path', 'new': 'matrix_beeper_linkedin_container_src_files_path'}
+
 - name: Fail if required beeper-linkedin settings not defined
  ansible.builtin.fail:
    msg: >-
@@ -18,13 +35,3 @@
    - {'name': 'matrix_beeper_linkedin_homeserver_token', when: true}
    - {'name': 'matrix_beeper_linkedin_database_hostname', when: "{{ matrix_beeper_linkedin_database_engine == 'postgres' }}"}
    - {'name': 'matrix_beeper_linkedin_container_network', when: true}
-
- name: (Deprecation) Catch and report renamed beeper-linkedin settings
-  ansible.builtin.fail:
-    msg: >-
-      Your configuration contains a variable, which now has a different name.
-      Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
-  when: "lookup('ansible.builtin.varnames', ('^' + item.old + '$'), wantlist=True) | length > 0"
-  with_items:
-    - {'old': 'matrix_beeper_linkedin_login_shared_secret', 'new': '<superseded by matrix_beeper_linkedin_bridge_login_shared_secret_map_*>'}
-    - {'old': 'matrix_beeper_linkedin_docker_image_name_prefix', 'new': 'matrix_beeper_linkedin_docker_image_registry_prefix'}
--- a/roles/custom/matrix-bridge-beeper-linkedin/templates/systemd/matrix-beeper-linkedin.service.j2
+++ b/roles/custom/matrix-bridge-beeper-linkedin/templates/systemd/matrix-beeper-linkedin.service.j2
@@ -28,7 +28,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
 			{% for arg in matrix_beeper_linkedin_container_extra_arguments %}
 			{{ arg }} \
 			{% endfor %}
-			{{ matrix_beeper_linkedin_docker_image }} \
+			{{ matrix_beeper_linkedin_container_image }} \
 			python3 -m linkedin_matrix -c /config/config.yaml -r /config/registration.yaml --no-update

 {% for network in matrix_beeper_linkedin_container_additional_networks %}
--- a/roles/custom/matrix-bridge-heisenbridge/defaults/main.yml
+++ b/roles/custom/matrix-bridge-heisenbridge/defaults/main.yml
@@ -20,11 +20,11 @@ matrix_heisenbridge_path_prefix: "/heisenbridge"

 # renovate: datasource=docker depName=hif1/heisenbridge
 matrix_heisenbridge_version: 1.15.4
-matrix_heisenbridge_docker_image: "{{ matrix_heisenbridge_docker_image_registry_prefix }}hif1/heisenbridge:{{ matrix_heisenbridge_version }}"
-matrix_heisenbridge_docker_image_registry_prefix: "{{ matrix_heisenbridge_docker_image_registry_prefix_upstream }}"
-matrix_heisenbridge_docker_image_registry_prefix_upstream: "{{ matrix_heisenbridge_docker_image_registry_prefix_upstream_default }}"
-matrix_heisenbridge_docker_image_registry_prefix_upstream_default: "docker.io/"
-matrix_heisenbridge_docker_image_force_pull: "{{ matrix_heisenbridge_docker_image.endswith(':latest') }}"
+matrix_heisenbridge_container_image: "{{ matrix_heisenbridge_container_image_registry_prefix }}hif1/heisenbridge:{{ matrix_heisenbridge_version }}"
+matrix_heisenbridge_container_image_registry_prefix: "{{ matrix_heisenbridge_container_image_registry_prefix_upstream }}"
+matrix_heisenbridge_container_image_registry_prefix_upstream: "{{ matrix_heisenbridge_container_image_registry_prefix_upstream_default }}"
+matrix_heisenbridge_container_image_registry_prefix_upstream_default: "docker.io/"
+matrix_heisenbridge_container_image_force_pull: "{{ matrix_heisenbridge_container_image.endswith(':latest') }}"

 # Set this to your Matrix ID if you want to enforce the owner, otherwise first _local_ user becomes one
 matrix_heisenbridge_owner: ""
--- a/Show More
+++ b/Show More